Overview

overview

9

Static

static

7

77a6ed903e...0N.exe

windows7-x64

9

77a6ed903e...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/09/2024, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77a6ed903ebadbe6bad327b29f63b3a0N.exe

  • Size

    56KB

  • MD5

    77a6ed903ebadbe6bad327b29f63b3a0

  • SHA1

    686de07179b89f0375c3e23c79e4288943f1d80b

  • SHA256

    65a71939f6c255f5d80ac704f221139c295b3c97ebb8a33a8ef9a445e503ec72

  • SHA512

    2fd5f6ec6974ff6a2d4ca6a6c0d4e85b16fd5bd5977f8873a0ee2853fd8816d8d1bf8cdb26f856b8db7fba4f2bca7a22e0cb9b2c0f68b3914243bd7dfc28fc5a

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJt:V7Zf/FAxTWoJJZENTNyoKIKM/

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4673) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\77a6ed903ebadbe6bad327b29f63b3a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\77a6ed903ebadbe6bad327b29f63b3a0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp
    Filesize

    56KB

    MD5

    bdd9b829d592ae40575fdcefcd21e917

    SHA1

    6e8160a5e601c3a89c1a29810099756f1edfbf60

    SHA256

    527a1fbe18fd5cab44b13a75d21e248e1e931a908de94ae4e2ae0709ef7076dd

    SHA512

    d15f3b386ab0aaef625b455743aeaaed6173ca2cf7a4c1a5cb3931d12e3bf8862f1d6a90298e9da2a095594172e925eb29fcca317859f0d6bb51d66e449a71a1

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    155KB

    MD5

    79d0efcbaf810e9f3fa3a1b1b89ec801

    SHA1

    101033c4f9e2474b5b37b321527e73c43162bb4c

    SHA256

    5d44c99767d67cd466f0eaf85be015f33f4638d5a4bbdfdb871d84e3bbc96c81

    SHA512

    878cef0f0a82d23f73d4e9f1ab7e1231037b61adef00a408d8ed1125e910fde3404b76fd9ffab92d9d39d69a3ed94e8be79ab405f9cdb3620da716eb0b4c92c7

    Download Submit

  • memory/1060-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1060-912-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download