Overview

overview

9

Static

static

7

60e620cbc9...0N.exe

windows7-x64

9

60e620cbc9...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 12:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    60e620cbc9b12a71a8a901e788c87010N.exe

  • Size

    55KB

  • MD5

    60e620cbc9b12a71a8a901e788c87010

  • SHA1

    c4c4f1ada61283d3a74dcdb80cf628b13d2a3086

  • SHA256

    f14bf034d15e2fff2aaf12508eb4d706e443aee9c5f5d0a364c1c34d281d6b2f

  • SHA512

    2d409891b36fe503d4dcff567cbca760ea76d3efb9dae8c7b1c3990ba6861453eef573dac6b246b692ce2399af811d70c9052bfa79bfd969009b09b4d90fe4e1

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJZKmF:V7Zf/FAxTWoJJ7TPUN3G

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (323) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\60e620cbc9b12a71a8a901e788c87010N.exe
    "C:\Users\Admin\AppData\Local\Temp\60e620cbc9b12a71a8a901e788c87010N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:984

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
          Filesize

          56KB

          MD5

          571784602905f25cd28457c1c95ca1d1

          SHA1

          2641789b898a27d5cc603ea530825ab3f523c9c4

          SHA256

          f95a868a34eb5424615c3c9237fb0da1a9ad5ada6dea7964928c30df71511010

          SHA512

          4bc4cd8919bdfe7d2d40c76b25052d0d3bf55587c7cd454420d2014ee7440b142cfbef27316cb75e148b1fb971f024bd09331deac2f50ae8a3ea0ae2d5e3fa37

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          65KB

          MD5

          11e57b3f65962f8d27d7bfef737ff0e9

          SHA1

          263705fc7f6d9ef0bac20c8f22509764c711ec45

          SHA256

          61d1449c01c680ce50cdc8ae517dbca34e68fcaa9b3471d4527ee6f5849c4a42

          SHA512

          d3dabbf66521bacd998859bac52d2a29fa603eea246adf1c01ed8d39072639d11a1575a0ae91163efd57312e416fc210cd1f929e0e749f87e2168d2446d5d761

          Download Submit

        • memory/984-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/984-26-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download