Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/09/2024, 17:58

General

  • Target

    5c87ec6362e566407a60ea3e36c54af0N.exe

  • Size

    62KB

  • MD5

    5c87ec6362e566407a60ea3e36c54af0

  • SHA1

    803f23e32944ef2e8ac616f8a09e1232cce5da02

  • SHA256

    e5ad3147913f0c1993e775b380750ab690a3d109d48d727e228f07f473e97af7

  • SHA512

    117f46c96138af7e6dc6e44c7f287cb5908a8e96c7b89b63829e62681599c3d6505414f25b403783b632ffb53dbf304b87582a0c34e0b9bc807bba8efec47737

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tij:V7Zf/FAxTWoJJ7TTQoQj

Malware Config

Signatures

  • Renames multiple (3250) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c87ec6362e566407a60ea3e36c54af0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5c87ec6362e566407a60ea3e36c54af0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2220

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    62KB

    MD5

    27151b1fca5443995d3ff8f41f11cc28

    SHA1

    8b13ff07c95e6d3056d0fccec485973f5bdaaa5d

    SHA256

    3526f1efc67459b0a92f40477c0f0d20c04fd8976f72227d7dcbe302c467d72b

    SHA512

    a126ecf9ef4dcf31c64be66d5e5926a80b591154c17eecc7280f970c02d7a35d314e77730cc4988852b699e1e51eae4c4465706a11072d6555b78e5a53ddc1b7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    71KB

    MD5

    ebff813967ef788692f4350018c5bd92

    SHA1

    f4b060faae495c588e779672003e7db1811a79db

    SHA256

    37557fa5354d8cc147f06832e23ff962e0acfbaca2ddf8ec2bd8f32bab41b903

    SHA512

    0d6dedcd0afd2b4da1a69fc5a35a5990ca06659213b738a7f8bc7a86c99a30f1213e47c28218fc01dbe40765475f61aeeba42eef6ffe2bea8365c11f00ca3386

  • memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2220-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB