Analysis

  • max time kernel: 149s
  • max time network: 17s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 29/09/2024, 01:12

General

  • Target: 9f69e22e861a32d5953c99758ed5ef32780102d26ed774f1358d4c4aed1a9e58.exe
  • Size: 56KB
  • MD5: c5ea11d0dd5426e19964ead88074a75b
  • SHA1: 11551a55c9550200a2672998f02ca14540433131
  • SHA256: 9f69e22e861a32d5953c99758ed5ef32780102d26ed774f1358d4c4aed1a9e58
  • SHA512: f0eeac77fbe317b33d04689cf76bcd3eddb091d268cc24228af1c912fdef23c2153a6d13ba42d3acfe5d7a5597fb99bd6f3d86eacb73ea317fe3859c62843ddd
  • SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9nPzynu27qynu27z:V7Zf/FAxTWoJJ7TRyfqyfz

Malware Config

Signatures

  • Renames multiple (3711) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f69e22e861a32d5953c99758ed5ef32780102d26ed774f1358d4c4aed1a9e58.exe
    "C:\Users\Admin\AppData\Local\Temp\9f69e22e861a32d5953c99758ed5ef32780102d26ed774f1358d4c4aed1a9e58.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
    Filesize: 56KB
    MD5: 1a71b76ecdda5edb506b7ea0a6319b6f
    SHA1: 5d4aa8a91f9b2e6b49d7db4e668565c7912b4589
    SHA256: 606656edabed750e1f3a84eb7d0b405b3ef13bdb52cd0eac45b44fb45417c204
    SHA512: 444483614cf0d0cc741e5a09cb21656cd2b0e448a4ec4a52d09cbc371775d32e8251074f2d6bbfe3b14fb447c555db28d92e150867791c0c4bb95d4b8c7c4f15

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 65KB
    MD5: bbd6f2d367861c4432b548aa181f160d
    SHA1: af28b98dce05d84a9791fdfa9a9c4766b5b970a9
    SHA256: e400518deedd8c886a83af9d65e270e95b3120d4ec4ee70dddce2ccc47b35bcb
    SHA512: da0728a82a93f29ebb1042c12dbc082779bd1d2a9c6c0ae26193e13543b7c37f0fd806dad18a0802576b47274e5e74e6be9f6407ecd7945b7531eb4631a02fd5

  • memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/2528-72-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB