Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/09/2024, 00:51

General

  • Target

    cf9fbc5cca6f4c97b0a6952c9cdff920N.exe

  • Size

    54KB

  • MD5

    cf9fbc5cca6f4c97b0a6952c9cdff920

  • SHA1

    9e6318a1ab4207af74a9adc10c267bc182dc9ab6

  • SHA256

    9a563bf92a6559c8d19e35187861f384675fb2ccf61566d6e4516320c0c6e3c2

  • SHA512

    09d6c383be1bd5e02cbb1a0cb833292b548b6ab579b60bcc85807c64a0a86543e7466fb3299b7d7c6d0ba10a86979da817b98b72e29bb25b758c3db554c7b543

  • SSDEEP

    768:a7BlpyqaFAK65euBT37CPKKDm7EJJTU3U2lRtJfOV:a7ZyqaFAxTWbJJTU3UytJfOV

Malware Config

Signatures

  • Renames multiple (4651) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf9fbc5cca6f4c97b0a6952c9cdff920N.exe
    "C:\Users\Admin\AppData\Local\Temp\cf9fbc5cca6f4c97b0a6952c9cdff920N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1168

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize

    55KB

    MD5

    07f473e084748e3a78c1cda8dc3322ad

    SHA1

    09a2448f6f10e1c44df54e8de10e44de6b320b86

    SHA256

    be01bc32f5e1317a6a010c2daecc4066ab35a986c3133f99ae6c3e7d9c3cb703

    SHA512

    1b15972d42abc416a19e6c8d8d57ff071ed060b354ced82edc9ad75763f1714ebafd61f9ee50257c13518a3b27d4484966192bf2aed0bc0d98d7c1449a778da2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    153KB

    MD5

    1e6aa9ac520daf2c10cbcc1880eda1b7

    SHA1

    0c8ceb1b3b539adbba1b31c303a954bebe5d5d07

    SHA256

    9dbceb0899c55724545c299dc7036f4fd57dfeb01c86561118c213de6b635628

    SHA512

    a64111a20d32e8a3ed24e5d31e1074ee09cf39193e0d9de04ebe798487451bc4971f438aeb5a7375ca1d98f12c0a507133009c2f70757ba48bdda3d5a76553d3

  • memory/1168-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1168-852-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB