Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/09/2024, 00:17

General

  • Target

    ccb834eb855b7c25788e9f91d9ac65f0N.exe

  • Size

    30KB

  • MD5

    ccb834eb855b7c25788e9f91d9ac65f0

  • SHA1

    80f0f1f50622e7d3ebe301c4c91416ae392aff56

  • SHA256

    a64e7723a28f0adef872926c0c95bb08cadd559981571502371b3f1a6b0b6f8c

  • SHA512

    1aa18fffdfc42eb20b47b6852fa3b0b8bde0ce49e1a1667244b10e9c2ae0cdcacfc50c945d320b1cfdfafa410d416ca575a9ff162dcd6ffd6d144e8aa1b78232

  • SSDEEP

    768:kBT37CPKKdJJBZBZaOAOIB3jM2jMO/7OSBG9GB:CTW7JJB7LD2I2IbS5

Malware Config

Signatures

  • Renames multiple (4729) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccb834eb855b7c25788e9f91d9ac65f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ccb834eb855b7c25788e9f91d9ac65f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2984

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

          Filesize

          31KB

          MD5

          42de8eefb14727944c43804b08bafe90

          SHA1

          0b4f5844f54c6c2db55d9ea8e3cd82d5740af80f

          SHA256

          ffa740e4eb5f6527a743681239115456385d4788179f25e4f38b9670d1369f39

          SHA512

          d7848e78da7359f422cd61f8bf0ef1766f25211c0f720c8e46cd595dfb4523f2bc16e8a10fcd6c0f8003251777d4a7d4045e66e3c599305923d5c05edb0e3878

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          129KB

          MD5

          c3bfb60311da63752c5405bfc3835c24

          SHA1

          ea97a1485c0294487c0018928e25018afa2db59d

          SHA256

          5ab899993edf21a3a30bb843c6efc5e611cf35a7016f41c6a0e735ba57c5df80

          SHA512

          6c5a4e83e75ec8529b5459141613b7f89aa4365cd2046b1a075e43156ea56e6179ed9749643c83309d05b2e4ec128effb7d0ded56b0d1173eea3532f3aeb71de

        • memory/2984-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2984-1017-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB