Overview

overview

9

Static

static

5

57f20fb363...9N.exe

windows7-x64

9

57f20fb363...9N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57f20fb363a948e13677400a8fb8e4b260d4e2c388a1ef8325b0ab28f1969f99N.exe

  • Size

    40KB

  • MD5

    aa66ca9d9a70afa4db0f8853e24f9950

  • SHA1

    a6a0107238948022ddc12d27dc74c1a6e22982c2

  • SHA256

    57f20fb363a948e13677400a8fb8e4b260d4e2c388a1ef8325b0ab28f1969f99

  • SHA512

    5f707f3cec19fe8211dfdcbcfc73eb0ef64c665c804dbe9d015ebdfc5d9304053dfc4d4728ac06cfc25e153f388fecff5199a7ad1d8531fd63e821b11a62381a

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Hx3R9pi1xOR9pi1x/:CTW7JJ7Th9ko9kz

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (464) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\57f20fb363a948e13677400a8fb8e4b260d4e2c388a1ef8325b0ab28f1969f99N.exe
    "C:\Users\Admin\AppData\Local\Temp\57f20fb363a948e13677400a8fb8e4b260d4e2c388a1ef8325b0ab28f1969f99N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize

    41KB

    MD5

    5d45ebc52a75a8ba0c7bf0e4a475d753

    SHA1

    41b34e2e8c879636ce57a73aad3147ee1be12b54

    SHA256

    7624ab2fc8216b8b853cba254033b6d204015d6b7aef2ac13c4b1a37dc6f94ad

    SHA512

    a6ce4f2b15a8288b1ef5bd7e543f6994b91c6372ee1abcfb4e6e10b43b5834687efc88980e0c9794b8eb3574910c04b767b3789c40a35091d38486a316bc7637

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    50KB

    MD5

    f5621b50694645a18adabd049eaf5a0f

    SHA1

    32a064c8daa9752ad6f0e1e23aff8b30584e71cf

    SHA256

    0c0cfa886b0c4f30c1976c6967b9764593527379959d5880dd0f72311657a1fa

    SHA512

    03e851d5bc369dc41d15867042025cfcaaff003fb1899788e319b2049dcd3e41ed7c320c27a1e6ecc397e6dcc567535942e4a24f88c2979cb8b1698372e2d3e6

    Download Submit

  • memory/1348-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1348-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download