Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/09/2024, 02:41

General

  • Target
    1c774357d197c9ae60a1edb71140a98924a36f6a8415c7f046fa428e37460605N.exe
  • Size
    57KB
  • MD5
    246927d0f5565e9fd3cee19668af9de0
  • SHA1
    6607095504115193a7982a542e3f5f792ead0ad6
  • SHA256
    1c774357d197c9ae60a1edb71140a98924a36f6a8415c7f046fa428e37460605
  • SHA512
    06489b3a0522aa38b197a317a476a50859a66ff681e1e3fce6c8e2efb024a4eb17c16ff6eb342cdcb2f796e932855cb75d6d2c3afb0c0c2feca74c97132ce937
  • SSDEEP
    1536:CTWn1++PJHJXA/OsIZfzc3/Q8+g9VyjVyw:KQSoH

Malware Config

Signatures

  • Renames multiple (3226) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c774357d197c9ae60a1edb71140a98924a36f6a8415c7f046fa428e37460605N.exe
    "C:\Users\Admin\AppData\Local\Temp\1c774357d197c9ae60a1edb71140a98924a36f6a8415c7f046fa428e37460605N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
    Filesize: 57KB
    MD5: 4c5f9996d892bfe26f48ea463cb0556c
    SHA1: a4c42b2709ca5e8e4454783051bb9c66d5139a56
    SHA256: d4b62f0d41003a397fc468872698ec829bd92d1bdd9de730f6cae9f95ccff64f
    SHA512: a6b1ffec3d6d306be5af683771b5bb9b6087df77ebc196f1537069358c79d126fe64bdd20c7f985c1b7a91b922d8df0758d746cb68e2719fd562f1364ae8c59b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 66KB
    MD5: 4444a4f08efd3dca6a86f7ae9eb8999a
    SHA1: 76db21b226257af2ea5b0e39575272a68a3c4cf3
    SHA256: 6dc35b33397c6987c53808ce75022f6bdc1d3fb60bc454bb3cf5b63ef27fe24c
    SHA512: 55943ffb6836384997b58eadc1bbe5b49e29c95463381003393958630efefbb0dac73de1f5873cc6e626933ca490fc8d1dbb7ae43b174f6cc0e9cf6ace862504

  • memory/2500-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2500-75-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB