Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 21:31

General

  • Target

    4ca1ed7dc276e86aec6d91b424842c286335039f6fb36e546f8ded9904d42ec4.exe

  • Size

    66KB

  • MD5

    6c505bae0ce28f14a4ce2c6b08cd7fad

  • SHA1

    9d5b3eaf3c0090675ec8609994e5440af169df82

  • SHA256

    4ca1ed7dc276e86aec6d91b424842c286335039f6fb36e546f8ded9904d42ec4

  • SHA512

    0f175d125c55096ea594af2dc4532fdd8f536ba934e60eff453e511c4178a265af7be17d4b521ad7143c1a3163a833d422ac29f17a23acabb94ec895fed3c497

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5Kwgcd:KQSox5Kwgcd

Malware Config

Signatures

  • Renames multiple (3806) files with added filename extension

    This suggests ransomware activity, i.e. encryption of files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
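The "UPX packed file" signature above is a static check on the PE image. As an added example (not the sandbox's own rule and not code from the sample), the script below shows how such a check can be implemented: it walks the PE section table and looks for the two cheapest stock-UPX indicators, section names beginning with `UPX` and the `UPX!` marker the packer writes. What exactly the report's rule checks is an assumption; the input PE images are constructed in `build_pe` for the demonstration and contain no code.

```python
import struct

# Added example, not the sandbox's own signature code. Parses the PE section table
# and reports two stock-UPX indicators: section names starting with "UPX" and the
# "UPX!" marker. Which indicators the report's rule uses is an assumption.

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def parse_section_names(data: bytes) -> list:
    """Return the section names of a PE image, in section-table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]      # NumberOfSections
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + size_of_optional
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]  # Name field: 8 bytes, NUL-padded
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the indicators separately so an analyst can see which one fired."""
    names = parse_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers only, no code) used as test input."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)  # e_lfanew at 0x3C
    dos += b"\0" * (e_lfanew - len(dos))
    size_of_optional = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    table = b"".join(
        n.encode("ascii").ljust(8, b"\0") + b"\0" * (SECTION_HEADER_SIZE - 8)
        for n in section_names
    )
    return dos + b"PE\0\0" + coff + optional + table + trailer


if __name__ == "__main__":
    print(upx_indicators(build_pe(["UPX0", "UPX1", ".rsrc"], b"\0UPX!\0")))
    print(upx_indicators(build_pe([".text", ".rdata", ".data"])))
```

Both indicators are positive evidence only: a modified UPX build that renames its sections and strips the `UPX!` marker passes this check, which is why packer signatures are usually backed by entropy measurement or an actual unpacking attempt rather than names alone.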

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ca1ed7dc276e86aec6d91b424842c286335039f6fb36e546f8ded9904d42ec4.exe
    "C:\Users\Admin\AppData\Local\Temp\4ca1ed7dc276e86aec6d91b424842c286335039f6fb36e546f8ded9904d42ec4.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    66KB

    MD5

    adacf021e6d2a48724a6ce17263f912f

    SHA1

    56a618d55baffd59a296e342113f6d4e41f674d7

    SHA256

    a0e4022fff8f039148705f5eea7e3a4ea5493cdd8492196598f9b70b8122e4a5

    SHA512

    208eff1bd517d035309182e49281bc16e78500aca64c8060cbeda38bca8c2dce008a05887fe50133754c48c38921baa6e24a8937960b3df1096feb94208755ab

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    75KB

    MD5

    18c23c12daecb60a01586b1b04772be2

    SHA1

    681873253c9016e586ef15d073a0a0015bafe2e8

    SHA256

    a7a13e4b843ca3232451aaddfc1d61cf010f5b06adab5f1a7b0522605606ca50

    SHA512

    309a6031a1e8057cd7997b385c089718f82aae389ef49fffa38f644defecb896b361346bca034f66e1e37469a021a6ec1a8005a96b149e0505d598559388cf35

  • memory/2088-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2088-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
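The two `.tmp` entries above keep the original filename and carry one appended extension, the same shape as the renames counted by the "Renames multiple (3806) files with added filename extension" signature. As an added example (not part of the sandbox report, and not the sandbox's own signature logic), the Python script below runs that check over constructed file-operation events. The event line format, the paths, the second PID and the `.tmp` suffix are assumptions; the report does not say which extension the sample appends or what count the real signature's threshold uses.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Added example, not the sandbox's own rule. Replays file-operation events and flags
# a process that appends the same new extension to many files in many directories.

# Constructed events (not taken from the report); the line format is an assumption.
SAMPLE_EVENTS = [
    r"pid=2088 op=rename src=C:\Users\Admin\Documents\q3.xlsx dst=C:\Users\Admin\Documents\q3.xlsx.tmp",
    r"pid=2088 op=rename src=C:\Users\Admin\Pictures\cat.jpg dst=C:\Users\Admin\Pictures\cat.jpg.tmp",
    r"pid=2088 op=rename src=C:\Program Files\App\config.xml dst=C:\Program Files\App\config.xml.tmp",
    r"pid=2088 op=rename src=C:\$Recycle.Bin\S-1-5-21-1\desktop.ini dst=C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp",
    r"pid=2088 op=rename src=C:\Users\Admin\Music\a.mp3 dst=C:\Users\Admin\Music\a.mp3.tmp",
    r"pid=4412 op=rename src=C:\Users\Admin\Downloads\setup.part dst=C:\Users\Admin\Downloads\setup.exe",
    r"pid=4412 op=rename src=C:\Users\Admin\Downloads\b.tmp dst=C:\Users\Admin\Downloads\b.tmp.bak",
    r"pid=2088 op=write src= dst=C:\Users\Admin\Documents\README.txt",
]

EVENT_RE = re.compile(r"^pid=(?P<pid>\d+) op=(?P<op>\w+) src=(?P<src>.*?) dst=(?P<dst>.*)$")


def added_extension(src: str, dst: str):
    """Extension appended to src to produce dst (lower-cased), or None.
    Only an exact 'src + .ext' counts: a replaced extension (setup.part -> setup.exe)
    or a move into a subdirectory does not."""
    if not src or not dst.startswith(src):
        return None
    suffix = dst[len(src):]
    if len(suffix) < 2 or suffix[0] != "." or "." in suffix[1:] or "\\" in suffix:
        return None
    return suffix.lower()


def detect_mass_rename(lines, threshold: int) -> dict:
    """Map (pid, ext) -> {'files': n, 'directories': d} for every process that
    appended ext to at least `threshold` files. The sandbox's real threshold is not
    stated in the report; 3806 is simply the count it observed for this sample."""
    counts = defaultdict(int)   # (pid, ext) -> files renamed
    dirs = defaultdict(set)     # (pid, ext) -> distinct parent directories touched
    for line in lines:
        m = EVENT_RE.match(line)
        if not m or m["op"] != "rename":
            continue
        ext = added_extension(m["src"], m["dst"])
        if ext is None:
            continue
        key = (int(m["pid"]), ext)
        counts[key] += 1
        dirs[key].add(str(PureWindowsPath(m["src"]).parent).lower())
    return {
        key: {"files": n, "directories": len(dirs[key])}
        for key, n in counts.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for (pid, ext), hit in detect_mass_rename(SAMPLE_EVENTS, threshold=3).items():
        print(f"pid {pid} appended {ext} to {hit['files']} files "
              f"in {hit['directories']} directories")
```

The directory count is reported alongside the file count because a batch rename confined to one folder (a build step, an installer staging files) looks very different from a process touching user profiles, Program Files and the Recycle Bin in the same run, as the dropped-file list above shows for this sample.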