Analysis

  • max time kernel
    119s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-09-2024 12:20

General

  • Target

    4c7e6e3ca396a0baa145cca0a731f140N.exe

  • Size

    56KB

  • MD5

    4c7e6e3ca396a0baa145cca0a731f140

  • SHA1

    570024b3d1934fa63af78422f7e7e6a1b3754164

  • SHA256

    97ff492d6debdc6402f83eea53cfa614c0256769f9ca242b53fc4e2c4b62152c

  • SHA512

    a621683879dda5c21b37b27e8a71a65166bef69b658c7d43717a670d576d8f9b37784796453b1c980cfb6918d12773494605a7ce4e8a71943984e39f9d93c50f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJ8:V7Zf/FAxTWoJJZENTNyoKIKMW

Malware Config

Signatures

  • Renames multiple (4650) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c7e6e3ca396a0baa145cca0a731f140N.exe
    "C:\Users\Admin\AppData\Local\Temp\4c7e6e3ca396a0baa145cca0a731f140N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    56KB

    MD5

    0fa680f97f5a0a1d3f7ba042cc9f6ce2

    SHA1

    67d11fff3c3b4029364fb5b283234744419dc11a

    SHA256

    adb7e2fac199bbcd33332d96162564354c47ed3f0bff548f518d5a60ededea8f

    SHA512

    f058afe3091d88ce9b97536a49d2076f0f0460dde43b1259acd573b06e4dc0c51daeb5bb13f669aa3f1fde7610a67947f807009824efcafcf9381692f1da81b2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    155KB

    MD5

    09af197b4d7ecb2f3eaec534fa851f0b

    SHA1

    18d4fd9b3b0074d538011b2f2ab9279261d83ee9

    SHA256

    f01138e35ff1565e14d2ff71af3286ed3ca1cf2576db807cbf4281cc436f9ff1

    SHA512

    bc60f6f7b63c8e81ee016c5fca4c4ab8e0971d027efd32dbc6438e337fc33ddbb609ad6ab505681241100d2a39e05993a63539d0c70b9ff6e85f41e383329883

  • memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3032-936-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB