Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2024, 22:32

General

  • Target

    67090fbcd4f1a911faff02ee876dcd8a0104d6570b74089e83bf68f92040a461.exe

  • Size

    60KB

  • MD5

    218dbada49f538509f66d708b1d87ed8

  • SHA1

    43e06ea7d5d9cf555bc8fd943120cec8b1542e92

  • SHA256

    67090fbcd4f1a911faff02ee876dcd8a0104d6570b74089e83bf68f92040a461

  • SHA512

    bebc4b775cafebf2a4231ccd2c40bfd4b9dc627178117dd200be6ee90063cfece1454167bf8a46c90b6eeccb4f33cb07a088e6e54bc36a0d6f5207a73b6bbad8

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3Po+c+O:V7Zf/FAxTWoJJZENTBHfiP6

Malware Config

Signatures

  • Renames multiple (3647) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\67090fbcd4f1a911faff02ee876dcd8a0104d6570b74089e83bf68f92040a461.exe
    "C:\Users\Admin\AppData\Local\Temp\67090fbcd4f1a911faff02ee876dcd8a0104d6570b74089e83bf68f92040a461.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1016

Network

  MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

    Filesize
    60KB

    MD5
    bf3469a679adb18244622fbb6984381c

    SHA1
    e2901c88e7986a9f5f00da787afd3b1e38db167e

    SHA256
    9f20da6557ba5ad11c63b25188e1552ffb99556379889f40d39e38479526b73f

    SHA512
    01eac302251d7c4a967a45dbc87c0967b8a50a79c01d1a202e7cce2cc972021ae7af6fff045f471ea691a897fd245bcc766ebfbdfc13b31bb779f725f4686e48

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    69KB

    MD5
    dfdb96649380f5a3d2f00be39f09131d

    SHA1
    cdf2841a3be35fc5c5bd63ff1b69b0276406efdc

    SHA256
    b4f818d7feaac08e6f7ee86fc75fce51f901e49b4c63a731e839768b820b2b6f

    SHA512
    a8dcde6201809b8e8c5208fe2db350ffc556399d3fb6be9d1e8e06e44dfefda3081c828a890f8ad266e4da73d6e46dfedcf0631c488ba29492ad333c68fa1a47

  • memory/1016-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/1016-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB