Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 10:02

General

  • Target

    7ec49986954b85897bfd7b5152f2998eea401e1a611a694183232891b6da773dN.exe

  • Size

    68KB

  • MD5

    0ec9181f01df422fc5ec3c9c99598ef0

  • SHA1

    3a849f655abe1920ad1fcb1bc00484d148c97390

  • SHA256

    7ec49986954b85897bfd7b5152f2998eea401e1a611a694183232891b6da773d

  • SHA512

    73a25567afe7885a6b50a46fd5de07f8e71aa5fbf15bf6e502966bc877c232e3794224fa75a2b470fb2eb68b5e79422d4be1b169d1d8456a6b1bb5413c5e14e2

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiix:V7Zf/FAxTWoJJ7TTQoQix

Malware Config

Signatures

  • Renames multiple (324) files with added filename extension

This suggests ransomware activity: the sample appears to be encrypting files across the system and appending an extension to each renamed file.

  • UPX packed file 4 IoCs

Detects executables packed with the UPX open-source packer or a modified UPX variant.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
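Two of the signatures above can be reproduced as stand-alone checks. The following is an added example, not code from the sandbox or from the sample: the first part counts rename events whose new name is the old name plus one appended extension (the pattern behind "Renames multiple (324) files with added filename extension"; the two dropped files listed under Downloads, desktop.ini.tmp and Office64WW.xml.tmp, fit it), and the second part walks a PE section table looking for UPX-named sections (the weak, name-based heuristic behind "UPX packed file"). The event log and the PE image are constructed inline for the example; the threshold of 3 and the function names are assumptions, not values from the report.

```python
"""Reimplementation of two sandbox-style signatures over constructed input.
Added example; not sandbox code and not code from the analysed sample."""
import struct
from collections import Counter

# --- Signature: many files renamed with an appended extension -------------
# Constructed file-system event log: (operation, old_path, new_path).
EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\report.docx",
               r"C:\Users\Admin\Documents\report.docx.tmp"),
    ("rename", r"C:\Users\Admin\Pictures\cat.jpg",
               r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    ("rename", r"C:\MSOCache\All Users\Office64WW.xml",
               r"C:\MSOCache\All Users\Office64WW.xml.tmp"),
    ("rename", r"C:\Users\Admin\old.log", r"C:\Users\Admin\new.log"),  # ordinary rename
    ("create", None, r"C:\Users\Admin\AppData\Local\Temp\x.exe"),     # not a rename
]


def appended_extension(old_path, new_path):
    """Return the suffix if new_path == old_path + '.<ext>' (one extension, no
    path separator), otherwise None. An ordinary rename does not match."""
    if not old_path or not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    if suffix.startswith(".") and len(suffix) > 1 \
            and "." not in suffix[1:] and "\\" not in suffix:
        return suffix
    return None


def renamed_with_added_extension(events, threshold=3):
    """Count rename events that append an extension and report the most
    common one. threshold is an assumed value; a sandbox would tune it.
    Returns (count, most_common_extension, triggered)."""
    exts = Counter()
    for op, old, new in events:
        if op != "rename":
            continue
        ext = appended_extension(old, new)
        if ext:
            exts[ext] += 1
    count = sum(exts.values())
    top = exts.most_common(1)[0][0] if exts else None
    return count, top, count >= threshold


# --- Signature: UPX section names in the PE section table -----------------
def pe_section_names(data):
    """Minimal PE section-table walk (no third-party parser). Returns the
    8-byte section names with trailing NULs stripped."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Name-based heuristic only: stock UPX emits UPX0/UPX1 sections, but a
    modified packer can rename them, so a miss here proves nothing."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a minimal, non-runnable PE32 image with the given section
    names so the parser can be exercised offline (constructed test input)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    print(renamed_with_added_extension(EVENTS))
    print(looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

The rename check deliberately ignores plain renames (old.log to new.log) and non-rename events, so only the "old name plus one extension" pattern counts toward the threshold. For the packer check, run `pe_section_names` on the real sample: section names are a quick triage hint, but the sandbox's "modified UPX" wording is a reminder that entropy or unpacking, not names alone, settles the question.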

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ec49986954b85897bfd7b5152f2998eea401e1a611a694183232891b6da773dN.exe
    "C:\Users\Admin\AppData\Local\Temp\7ec49986954b85897bfd7b5152f2998eea401e1a611a694183232891b6da773dN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2216

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          68KB

          MD5

          5336f7abaebec8a920e4fa6f21c270b4

          SHA1

          49395c9391dd6c5f1b8d565f194afdf1bd2375fc

          SHA256

          93d50c76883f6cc8efed7d86fd76246f483b1b40f977c265fb186f20d3ec3425

          SHA512

          5e4ea28487789e5557b40745c8d08adfc1e75b7bd797238dc28401715c0354177c1579f69d6beceb43cff56677d25060bfc68faefa45dd6f5d8fba4dfcfe2c64

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          77KB

          MD5

          34ea2e730b805f7dac21f5f12d4e3c14

          SHA1

          a2f319e3fb637ad364232b2c1a1a94ad4c7cb051

          SHA256

          edb15ff524988b5357cc2286d599381e8938afb98bd0fcf8b7f548fbb8ff574f

          SHA512

          c6c50fa13f5ee45fbdb45f4881dab2603a243d2dab3cf68d355d30083852fdbaeccbb886e7ab33adafe778d5195fde61102b1ca76501ec55b3f547f1eee39e0f

        • memory/2216-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2216-24-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB