Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-09-2024 05:03

General

  • Target

    9ee5091bc62b7f6db7d3550d01844a10N.exe

  • Size

    53KB

  • MD5

    9ee5091bc62b7f6db7d3550d01844a10

  • SHA1

    a91011af0fb18ea197e5b729cab6da1e3bf40bd1

  • SHA256

    f27edb355c53408bff2c47328ba75b259c6d8dcb16e3cd165ab681297c8c2285

  • SHA512

    c6a336e2babd1c40fce03852930b1138d60df120f8625041eb8f3504cc5b6fbea6635b0332ed6db2b2f4a7b8364015b75321cc09da9454ba010065372b966d7d

  • SSDEEP

    768:a7BlpyqaFAK65euBT37CPKKDm7EJJ1EXBwzEXBwdcMcI9Aq:a7ZyqaFAxTWbJJ7TOq

Malware Config

Signatures

  • Renames multiple (3243) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ee5091bc62b7f6db7d3550d01844a10N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ee5091bc62b7f6db7d3550d01844a10N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2356

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    23a629a64ea208f07fd54e765091770d

    SHA1

    c80e72e217058643f61c9301b6b8bb0243eed664

    SHA256

    277d611b384d98a321932afef814e7383f0c19a124394e87fb0ba2dd97b561e8

    SHA512

    49abf9fe3d1e6abbaeba83e14536336a26ed693be04c43a9032725ed42bd791afcd351bd08d54c8d93c34a863c87a36f44e22f84f7225b0c557e7790e9e0df33

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    63KB

    MD5

    5e8b1719985bec8b8f13a1088ea861cc

    SHA1

    a2c786c87b9292af23d474d08ddacd33949e092c

    SHA256

    e5156b056ab3c9deae3e27555528e76b4430de07ef65907128c2fbcee2744665

    SHA512

    b3c07d5031aadcd5497fd2751b485173fa0abc6578d934498960428150dcc98d94509919cfe128910ad29acd694e993f956fb0132b0681618d56c7617da1c1a0

  • memory/2356-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2356-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB