Overview

overview

9

Static

static

7

179f7c4790...f3.exe

windows7-x64

9

179f7c4790...f3.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-09-2024 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    179f7c4790f79af322bfd325d9154b85e3b568f306f97016983a7b8f7ab339f3.exe

  • Size

    79KB

  • MD5

    12ed6d3dfa86d388f9bb914f56ed9d91

  • SHA1

    096bb743d99ed857fde8a1b38ae3ed2051ff72a7

  • SHA256

    179f7c4790f79af322bfd325d9154b85e3b568f306f97016983a7b8f7ab339f3

  • SHA512

    203041b07492655a4e70f488ef21720b843567c0ba24e248fc78d8d7b44bbbf2d8abf9571f419ddc38579dcd6aec4ced2ca4b715c5ab8128e2f72dbbdc076513

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TDTW7JJ7TDi/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzi/D5zR:fny1wXi/D5zf6ydyf+abMkF24kzK3jb9

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3503) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\179f7c4790f79af322bfd325d9154b85e3b568f306f97016983a7b8f7ab339f3.exe
    "C:\Users\Admin\AppData\Local\Temp\179f7c4790f79af322bfd325d9154b85e3b568f306f97016983a7b8f7ab339f3.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize

    79KB

    MD5

    957020fd967e91af2248c63ea838493a

    SHA1

    89e85da83a767d95d24d87ce46d8867af6f04d0d

    SHA256

    100cfaf9b987d93ecb6c468c803d7c1919114f3060d2bbc8aad815e45e5487cb

    SHA512

    12c9175f5524c6c64ab214e32500b1c918d2c925ddda15dfd37cb409df791c5c5b8adfc9ee497f7dc5d7a50168b5e107e2950feaed10f0aaf6fe273c5680b758

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    88KB

    MD5

    387c82e509d4b9197ebfff34c61c7c77

    SHA1

    b16d05bc9c390b522672c3d9c8614a1de1132ecf

    SHA256

    e2fccbcb576b34f93f2fa4cb710db5655d906ac991fab79e18dd1c40158ab9ad

    SHA512

    0ef7b13f750409d40d2fe9a4c83d9a2c753849190a85f9f3ac402469ade28875346e1394920239976b80256b79738208689044d86f8ac1696e8d329da7ed3666

    Download Submit

  • memory/2872-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2872-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download