Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 13:50

General

  • Target

    59f0387b751933bda2f98387f6189e60N.exe

  • Size

    38KB

  • MD5

    59f0387b751933bda2f98387f6189e60

  • SHA1

    7e6501bc464cf8aed5b5ee8de4845da780b95d55

  • SHA256

    eb0258b54b17648f6ba30bfaf7241ca2a123390307a437caa0d776ffada21f85

  • SHA512

    812175fb6edb9d06319e4be3fd0c558b93b1b08f61150fcade590c069a5c73104ab04fc5202b5c042617572a156b21f1e0953e2841a49143e96d1d90bf8ae8ca

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBaMY10cNzc1Nzcj:CTW7JJZENTBTYWsj

Malware Config

Signatures

  • Renames multiple (3172) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting files across the system and appending a new extension to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\59f0387b751933bda2f98387f6189e60N.exe
    "C:\Users\Admin\AppData\Local\Temp\59f0387b751933bda2f98387f6189e60N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3032

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    38KB

    MD5

    4e9efdd151d81964b648766e466d036d

    SHA1

    85c21e950277ea1afeebabe8d333f56416d60fe6

    SHA256

    186bb56db391a1e0d43726d2b8ee3039267844b42101c1d9f9ac3e4632019309

    SHA512

    6b12b56d0bd2b6ad5bc812da5c27494a2a47d7f201aea72f32a80c3d3aca1b657cc0f3736e1395394a3b607cadcdff307552fd2ba60c2bafd0b600e7f47c69b0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    47KB

    MD5

    d7a581083be2f8d1a8fcf945d80addc5

    SHA1

    bec77733dd5315f22b10424a5330205256df7aec

    SHA256

    2850fa409a1d918c8c86177a92fc2ead55d1f9876ff539f186ae2d45bbc620eb

    SHA512

    99c073e46e4652ef113dd28155fe87a8ce0d547d0a831529a24b974cd979ec6fc290f6152988c0d213aa009ee62549a7fb1ddbd8b3c257503104a1bf8df485f0

  • memory/3032-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3032-70-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
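The two dumped files above (desktop.ini.tmp and Office64WW.xml.tmp) show the pattern behind the "Renames multiple (3172) files with added filename extension" signature: the original name is kept and a new extension is appended. The following is an added example of how to turn that observation into a detection over a file-event log; it is not the sandbox's own signature. The log format (pid, operation, source path, destination path separated by tabs) and all events other than the two paths taken from the report are constructed for illustration. Beyond the raw count, it also requires the renames to span several directories, which separates a ransomware walk from an installer that backs up many files in one place.

```python
import ntpath
from collections import defaultdict


def appended_extension(src: str, dst: str):
    """Return the extension appended to src to form dst (e.g. '.tmp'), or None.

    Only a pure append counts: 'a.docx' -> 'a.docx.tmp' yes, 'a.docx' -> 'a.locked' no.
    Comparison is case-insensitive because NTFS paths are.
    """
    s, d = src.lower(), dst.lower()
    if d.startswith(s) and len(d) > len(s) + 1 and d[len(s)] == "." and "\\" not in d[len(s):]:
        return d[len(s):]
    return None


def parse_log(text: str):
    """Parse constructed 'pid<TAB>op<TAB>src<TAB>dst' lines into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, src, dst = line.split("\t")
        events.append((int(pid), op, src, dst))
    return events


def detect_mass_rename(events, min_files=50, min_dirs=3):
    """Return sorted (pid, suffix, file_count, dir_count) for every process that appended
    the same suffix to at least min_files distinct files across at least min_dirs directories."""
    seen = defaultdict(set)            # (pid, suffix) -> lowercased source paths
    for pid, op, src, dst in events:
        if op != "rename":
            continue
        suffix = appended_extension(src, dst)
        if suffix is not None:
            seen[(pid, suffix)].add(src.lower())
    alerts = []
    for (pid, suffix), files in seen.items():
        dirs = {ntpath.dirname(f) for f in files}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            alerts.append((pid, suffix, len(files), len(dirs)))
    return sorted(alerts)


def _ev(pid, src, dst, op="rename"):
    return "\t".join((str(pid), op, src, dst))


_lines = [
    # the two renamed files the sandbox dumped (paths and PID from the report)
    _ev(3032, r"C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini",
              r"C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp"),
    _ev(3032, r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
              r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
]
# constructed: the same process walking three more directories
for d in (r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures", r"C:\Program Files\Common Files"):
    for i in range(20):
        p = rf"{d}\file{i}.docx"
        _lines.append(_ev(3032, p, p + ".tmp"))
# constructed: an installer backing up 60 DLLs in a single directory (high count, no spread)
for i in range(60):
    p = rf"C:\Program Files\Vendor\lib{i}.dll"
    _lines.append(_ev(1200, p, p + ".old"))
# constructed: a handful of log rotations, far below threshold
for i in range(3):
    p = rf"C:\ProgramData\App{i}\app.log"
    _lines.append(_ev(880, p, p + ".bak"))
# constructed: a rename that replaces the extension is not a pure append and must not count
_lines.append(_ev(3032, r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.locked"))
SAMPLE_LOG = "\n".join(_lines)


if __name__ == "__main__":
    for alert in detect_mass_rename(parse_log(SAMPLE_LOG)):
        print("mass rename: pid=%d suffix=%s files=%d dirs=%d" % alert)
```

With the defaults only PID 3032 fires (62 files across 5 directories); the installer's 60 renames in one directory stay silent unless `min_dirs` is lowered to 1. On a live host, feed it Sysmon or EDR file-rename events instead of the constructed log and tune `min_files` to the rate a backup or patching job produces in your environment.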