Analysis

  • max time kernel: 119s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/09/2024, 02:53

General

  • Target: 545c9db62c28f6ffdab8001f86c99be0N.exe
  • Size: 57KB
  • MD5: 545c9db62c28f6ffdab8001f86c99be0
  • SHA1: 5f27d948750ebc31dd566ebb17228544133a74e7
  • SHA256: 79f7782f60dcd10415599c97dcc5e15a429aa44d2c727471c61d61f72624adf6
  • SHA512: f59b8a07a75872c4bdd58326dc3bdf173f981a1ecb3c32cf5fbd3460651d3fca363cfbef997cfbc032722584304a6386f547b5899ee896289bb8196d0002deae
  • SSDEEP: 1536:V7Zf/FAxTWoJJ7T3ja0tbmmjFFjFPjkja0tbmmjFFjFPjunhuznhuB:fny1BngzngB

Malware Config

Signatures

  • Renames multiple (3260) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\545c9db62c28f6ffdab8001f86c99be0N.exe
    "C:\Users\Admin\AppData\Local\Temp\545c9db62c28f6ffdab8001f86c99be0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2028

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize: 57KB
    MD5: 58c85cb42fc4cc0670028b7bd01b7add
    SHA1: 7eccfde28458c5c55f528a2e0a314bc7f5f59f9b
    SHA256: 867c2d430e0204777e1fa66fee3a716f135a5e215b97542cc15652e13c83e7a0
    SHA512: 2f81b340623d7f6fff19968b442e767e39da8579c767ae2af86abb2a5db4ce049baf5ceefeddc796d108f136b3673c43bb05a9c5bbbe0b641915c9cf0bb31c21

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 66KB
    MD5: 0f9569686b1ee4af22d3e50cdbd4727a
    SHA1: 8e5b3ee5202b4137bf9e1e8883cd2438e937f8c5
    SHA256: 1a59285a88b06693fa7e05cc334077ef8c1228243b403adf8cbcc42dee9351e1
    SHA512: 4dbfd6de0746a2be909b75d132a65f40cbb528187d93ab2ea0e5112ea69049cf9f25437cf773863f4a1a6e6af127e4573dccaa3ded24a7fdafb705e23b390e53

  • memory/2028-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/2028-68-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB