Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:30

General

  • Target
    676e27454f71bd8fe77e1e266a30cac0N.exe
  • Size
    29KB
  • MD5
    676e27454f71bd8fe77e1e266a30cac0
  • SHA1
    8a7e6ecd9efb26a1b649d3f84aee071224c5d397
  • SHA256
    0bec07b74653535c1ae0ae2f2ecb2ae94d100fe3aff8686fe7bc002cea317cb1
  • SHA512
    1089790c8ba11dcc2abf2d4a9da9a246c9671abbd65e89d2701db61da938c68edbd9147e3338d5e139174ad097f207e589f63f75d1370e817269f819b599413f
  • SSDEEP
    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9ZJ0:kBT37CPKKdJJ1EXBwzEXBwdcMcI9ZJ0

Malware Config

Signatures

  • Renames multiple (506) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\676e27454f71bd8fe77e1e266a30cac0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676e27454f71bd8fe77e1e266a30cac0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize: 29KB
    MD5: 453d997a1761b37a1ace3ed80de5ae68
    SHA1: 707b59e1d213085f3461df9da64f8903c6e552da
    SHA256: 7139c23f8e35d5754bbac8337494e0ab6918cffcd2e99fa2b882c090cf70908d
    SHA512: 8e7f522e75b38e1d1cd06717a1dcd4f80ab3e4f10704076206952fd4bb2328bb849cff57ab92c3a2a5af5f778f6226b1668a3c342d7033a242f753804e0dfe87

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 38KB
    MD5: a8360f4d242380f1658b4c13b1c7c633
    SHA1: cf08347b98c9a68ffa07b74b384aa29e5942b4e8
    SHA256: bb1a8cc952ee00ac5f7bcc9afa9afe580d8f8f3e231434f7b1e221e359f8e5e2
    SHA512: 5705c104f0624fe4e5e2c83b8540e05a5df99166bb0fe9ddef77277e3f47bfdce553adb607a05f384e2d452e55c32c343bcdf022c4db7db0004ac032376259f3

  • memory/584-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/584-26-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB