Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/09/2024, 12:00

General

  • Target

    64370fa84ea07ff148dd53db66200ae833498fb82f6b43eef8885ba228d9da80N.exe

  • Size

    69KB

  • MD5

    90d5e451c6f98ae3ebc82e20e76adaf0

  • SHA1

    2b8aa43429b67e24ed0146dc17ec3728991875e2

  • SHA256

    64370fa84ea07ff148dd53db66200ae833498fb82f6b43eef8885ba228d9da80

  • SHA512

    d388b19ca865c9f215ea7cf3d3f7159dc2145cec1095d477c0afb048f1b971c70c3243cb3453f631b162c40bbf54c6f88d4a81512264540659f38dcc138810f4

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7T7jkKCVk+TXT53XB3XG:fny13jkKCeunBnG

Malware Config

Signatures

  • Renames multiple (335) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\64370fa84ea07ff148dd53db66200ae833498fb82f6b43eef8885ba228d9da80N.exe
    "C:\Users\Admin\AppData\Local\Temp\64370fa84ea07ff148dd53db66200ae833498fb82f6b43eef8885ba228d9da80N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2976

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          70KB

          MD5

          24f19f6ad80569bd3eecc16853efbf26

          SHA1

          c4d4160cdab4b71b81b0fa5b208ce5dc451992fc

          SHA256

          fdcf924ddcc9247fb524d68789d6983016a7db4643707ce7dd0976ac7e5cdaf7

          SHA512

          fbbcd37161bb4b938ea6957b1c3d0e30c4a5da9b92b157d471a287ac6dce67966b0794c15501f87599da16c46b3df8326b1d1d6c4b9dba9ac180e20b8e6a85d7

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          78KB

          MD5

          f57de55102ec92146f6c4754233a7323

          SHA1

          4a6b260642714c7fa45f599d1bce07cf506e9313

          SHA256

          c35bb27a5357d3889219765e7dad86511b1a1e294fdfa713192fb7dfae62f669

          SHA512

          1b38bc5a929cd37f35a1fb0b5c1a6b3683d063fc983b1bfef6242dff6fd74dfd05d9a1f2cafa6710b3517e015aaad2bcffed38ea41e0974157f88e4b8eb0c671

        • memory/2976-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2976-26-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB