Analysis

  • max time kernel
    151s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/09/2024, 08:55

General

  • Target

    45a1ecfc37b71688fbabb181f75832d009e4dc4541e267ea85eec5831a635d59N.exe

  • Size

    67KB

  • MD5

    8d0d531abbab040746551883ca57c6b0

  • SHA1

    d109bb6c5e3a4a1f735bcc96316e586243ab0822

  • SHA256

    45a1ecfc37b71688fbabb181f75832d009e4dc4541e267ea85eec5831a635d59

  • SHA512

    1a6204651537222a5a657ab3a6fa3502dc35d8b5e72c69898493c105c9763fbc11fad25e571cc48ee6c77e72cb1c104b757cf542b6fe0b2091f7a2add49f5a6d

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiDoe+oer:V7Zf/FAxTWoJJ7TTQoQtEr

Malware Config

Signatures

  • Renames multiple (600) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\45a1ecfc37b71688fbabb181f75832d009e4dc4541e267ea85eec5831a635d59N.exe
    "C:\Users\Admin\AppData\Local\Temp\45a1ecfc37b71688fbabb181f75832d009e4dc4541e267ea85eec5831a635d59N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2256

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          67KB

          MD5

          27b2b7bc1996124350baa1a48557b662

          SHA1

          8fa0d8b2b6351aa1f3610ca1a9aae16ecde32944

          SHA256

          cbc826bacb93d26e976127644599ebc5a9f2ee15d57ba4917fcc7fd120db403d

          SHA512

          d10eb99158563c8dadd1c2452af8a2205d2ddfc3038ac9be6371917d9c38bffaeadbbdfcfad519bc93fd237f732af909c2a26534b7035e560b9d99735d561809

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          76KB

          MD5

          ccfcf24945ab4d8f7ed33a3c0707bb89

          SHA1

          55dba94143deac5eda160e10cfa1dde28fab9a63

          SHA256

          f0b418f7f8d834d3538a1f319aa04c83e6c153348effbca08b11dd262153919c

          SHA512

          f90c338947318c2e468e77aa393f01db85a9733fd81fc464171687cd0c3a65301e84e63bc2821fd1d4bc4fe0d54c69e268d946ac784ba00887e1ecda5a7f51f0

        • memory/2256-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2256-22-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB