Overview

overview

9

Static

static

7

77f091a31c...0N.exe

windows7-x64

9

77f091a31c...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 05:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77f091a31c2b4c15ae221735bb143bb0N.exe

  • Size

    40KB

  • MD5

    77f091a31c2b4c15ae221735bb143bb0

  • SHA1

    f8e60bb17124a632b0b8c43566e73ab18c484f77

  • SHA256

    307d7d97ffa296add6a4789a00608b82d017c43250f7b04fe35d48ffcc404cc8

  • SHA512

    3ae9b49f9a3b97d18ae661c384ffd3ed52e7e3f002e8c899b587489b1249df81b3095d33dc1f016070b6be9ce56b718bdf8685d3ca24aa543b688314202e7e31

  • SSDEEP

    768:kBT37CPKKdJJTU3U2lRtJfOKI+D9Ii1xsI+D9Ii1xNHQ:CTW7JJTU3UytJfOKI+h/YI+h/Bw

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (487) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\77f091a31c2b4c15ae221735bb143bb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\77f091a31c2b4c15ae221735bb143bb0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize

    40KB

    MD5

    0a9c78828458d8b5647de56f89deb71f

    SHA1

    14bb487af5bd4be18c6c64dd67f71c1d3349db5b

    SHA256

    17371b81e50f577e2aa9d0c783b188533c5b485b57ba9a694b54f3f754b61937

    SHA512

    d614fb885d3358d44fe878011fa92e22e293c46eb1b5f0a0426bbf75cf44b86d18c32dbbc12921cdc95abed56d8b455128ef0e8c386e2c6ebfbb83f44e758fff

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    49KB

    MD5

    e17db944aca0b4d9951eb1d3ba39e09e

    SHA1

    e3db9cccf796775b765a890f5cd5f7febb822b5d

    SHA256

    e7a29ec6eb9ac9351c8c5eb7d3acf2eeba63a1cfeadaa5b2fb7393496b6be8bd

    SHA512

    6b068ac55336ea60e13ea82196479dd2ec69650c0a4f4be55debdf6dc7403d08fd4d41649e75c9b4702e62f9d831dffa8942b87cc9936ed078e755bf118a7284

    Download Submit

  • memory/2784-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2784-27-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download