Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 03:45

General

  • Target

    fcdcf5a01f07e9b2553f2ff508b9ace532da11a16c667f51e48849059c8d64ae.exe

  • Size

    47KB

  • MD5

    269f7626dd29bbbbc90bfb17b1f2b5fb

  • SHA1

    ea9fc8edd2c06187768c78e093b545f57f287073

  • SHA256

    fcdcf5a01f07e9b2553f2ff508b9ace532da11a16c667f51e48849059c8d64ae

  • SHA512

    c090f71c69b7cd34525a6f0e0729cbcad2b003facb18803b341a2a031adc37ecfe1968b42f61fa50681e32ceb8581e8beaddf7c4270409c4ec4aa7d9f8e5d870

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinMdi:CTWUnMdyGdyoIOIZ

Malware Config

Signatures

  • Renames multiple (3681) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcdcf5a01f07e9b2553f2ff508b9ace532da11a16c667f51e48849059c8d64ae.exe
    "C:\Users\Admin\AppData\Local\Temp\fcdcf5a01f07e9b2553f2ff508b9ace532da11a16c667f51e48849059c8d64ae.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2332

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    3006b4ade840ba9079c04f31797f60ea

    SHA1

    cc57b7d1d0915001e576707c8e98a099d4082c49

    SHA256

    fd91ce9920d501f6e3fcd368feb666a9033c1f91a28bfb5a53124089fed7125d

    SHA512

    0ed21060b8ccb817fd14029644de36556d801b99fb2252a26fcdf6ef7d345b565da12337d5bdecc6f279a4deebfc159bf4ccd1f8cd8141e4d542bd9e88009939

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    56KB

    MD5

    3d521ed87a261199d593fc7e29d83a53

    SHA1

    3b30e4f09021097a0d556d01539c8b06213fa936

    SHA256

    d5183abd4b0693e8010c704e3f15d1d01c75263c40acaf905f09b72e05490001

    SHA512

    327a30d127507a4def332dd4cc5ee4e0f253f0e35a0e7b6285274521ac7d54668826116a44bb73de2735fed2fbb168cbe92d605265994e7c4dbcccfb9b85a781

  • memory/2332-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2332-70-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB