Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    05-09-2024 00:54

General

  • Target

    fe4764a8f4c56a61a52ca533c86c0860N.exe

  • Size

    98KB

  • MD5

    fe4764a8f4c56a61a52ca533c86c0860

  • SHA1

    4fa4c97f83131f89c48efae6a4725b31cabd11bf

  • SHA256

    3fa08a9a4a0746ab3a4fa589cf60a804e3167cec3f03ae93f5f945fd5660f979

  • SHA512

    192df96ffda6d7268844e7faee499cfa0a41773c3cd7f3c31ac57e7e04d1561ec6aa18282f6ccaf7b59d1a327a94e43f22853a7bb60e401679829fd7160b53c2

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGl0Q:fnyiQSohsUsUK90Q

Malware Config

Signatures

  • Renames multiple (2950) files with added filename extension

    This suggests ransomware activity: the sample appends an extension to files across the system, consistent with bulk encryption.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
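As an added example (not the sandbox's own signature code), the two file-level heuristics from the list above re-implemented in Python over constructed inputs: a per-process count of renames that append an extension to the original name, and a PE section-table scan for the UPX0/UPX1 names stock UPX writes. The event tuple format, the PIDs and paths, the threshold of 50 and the fake PE builder are assumptions made for illustration.

```python
"""Added example: re-implementations of two signatures from the report list
("Renames multiple files with added filename extension" and "UPX packed file").
This is not the sandbox's own signature code; the event tuple format, the
threshold and the fake PE builder are assumptions made for illustration."""
import struct
from collections import defaultdict


def added_extension_renames(events, threshold=50):
    """Count, per PID, renames whose new path is the old path plus ".<ext>".

    events: iterable of (pid, op, old_path, new_path) tuples in a constructed
    format (not the sandbox's real schema). Returns {pid: (count, {exts})} for
    every PID whose count reaches the threshold."""
    per_pid = defaultdict(lambda: [0, set()])
    for pid, op, old, new in events:
        if op != "rename" or not new.startswith(old):
            continue
        suffix = new[len(old):]
        # "budget.xlsx" -> "budget.xlsx.locked": the suffix must be a
        # non-empty extension, so a rename to a different name is ignored.
        if len(suffix) > 1 and suffix.startswith("."):
            per_pid[pid][0] += 1
            per_pid[pid][1].add(suffix)
    return {pid: (n, exts) for pid, (n, exts) in per_pid.items() if n >= threshold}


def upx_section_names(pe):
    """Return PE section names starting with "UPX" (stock UPX uses UPX0/UPX1).

    Parses only the DOS header pointer, PE signature, COFF header and section
    table. Raises ValueError on malformed headers instead of guessing."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # 20-byte COFF header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                         # section table start
    names = []
    for i in range(num_sections):
        entry = table + 40 * i                           # 40 bytes per section
        if entry + 40 > len(pe):
            raise ValueError("section table truncated")
        name = pe[entry:entry + 8].rstrip(b"\0")
        if name.startswith(b"UPX"):
            names.append(name.decode("ascii", "replace"))
    return names


def build_fake_pe(section_names, opt_size=0):
    """Construct a minimal PE-shaped byte string (headers only, not runnable)."""
    e_lfanew = 0x40
    buf = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf += b"PE\0\0"
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    buf += struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x22)
    buf += b"\0" * opt_size
    for name in section_names:
        buf += name.ljust(8, b"\0") + b"\0" * 32
    return bytes(buf)


# Constructed sample events: one PID renaming many documents, one doing
# ordinary renames. PIDs and paths are made up for the example.
SAMPLE_EVENTS = [
    (2792, "rename", rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.tmp") for i in range(60)
] + [
    (2792, "create", r"C:\Program Files\note.txt", r"C:\Program Files\note.txt"),
    (1040, "rename", r"C:\Users\Admin\Desktop\draft.txt", r"C:\Users\Admin\Desktop\final.txt"),
    (1040, "rename", r"C:\Users\Admin\Desktop\a.log", r"C:\Users\Admin\Desktop\a.log.bak"),
]

if __name__ == "__main__":
    print(added_extension_renames(SAMPLE_EVENTS))                             # {2792: (60, {'.tmp'})}
    print(upx_section_names(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))      # ['UPX0', 'UPX1']
    print(upx_section_names(build_fake_pe([b".text", b".data"], opt_size=240)))  # []
```

Both checks are heuristics, not proof. The rename count will also fire on a backup tool that appends .bak to many files if the threshold is set low, so it is best read together with the Program Files drops and the per-process tree. The UPX check keys on section names, which a modified UPX build can rename; a hit confirms stock UPX, but an empty result proves nothing, which is why the report's own wording covers "UPX/modified UPX".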

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe4764a8f4c56a61a52ca533c86c0860N.exe
    "C:\Users\Admin\AppData\Local\Temp\fe4764a8f4c56a61a52ca533c86c0860N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

    Filesize

    98KB

    MD5

    efda7d45998cd2628573ddbd88802380

    SHA1

    45d2f083203afc9441ee19fac02e54397734ec97

    SHA256

    4f3fd8419980a3948ed7eb29584fa212835c04254e97ebc2500ae04728a2242b

    SHA512

    e8e5883699b820393345471f9a8645b1f3c873d2f94487a63a76c64c436d96ab907077bab35cccd55771de483df040bfdcef211a1f1e3a7f7eaeac6ab52edffc

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    107KB

    MD5

    8ee0221f7adb9b520596a26cbda67343

    SHA1

    08e43e022b8989175c1ac5a7d2c1defee2e5fad2

    SHA256

    edc27bd810c543f560beb27e3bc8cfa9ade919f262f8d063030eb78bec0d015d

    SHA512

    25d519eb2a8bc712ea34a40ce0f056e6aa6bf65ec1c98d256a5d7eb619ac9df47bb441d30b4629ad49ab6f7e44a270d1df4b2a188ce2a51d08da9462996f585d

  • memory/2792-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2792-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB