Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-10-2024 14:58

General

  • Target

    1ce07ebd2f1c4d55b9caa6af7d461b02adab42c31ddbff2b9b7ea8b3c8d38cfcN.exe

  • Size

    1.1MB

  • MD5

    86d3d823b45d47c79feb84c3e9dd3420

  • SHA1

    03a64c27b21219b68966a532b834b3dbca03e5e9

  • SHA256

    1ce07ebd2f1c4d55b9caa6af7d461b02adab42c31ddbff2b9b7ea8b3c8d38cfc

  • SHA512

    c806b4329ae4b78f81f01722be0eaa88ad71c1917a2476058f6b9647a8a998fc3d4193b90c8d7fce4bf5756febf05ed66f246dedb5ee55cb0ba9ba793a121568

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJqWZ:V7Zf/FAxTWoJJ7TPUnWZ

Malware Config

Signatures

  • Renames multiple (505) files with added filename extension

    Mass renaming of files with an appended extension is the behaviour expected of ransomware encrypting the files on a system. Treat this as a heuristic: the dropped files listed under Downloads (desktop.ini.tmp, Office64WW.xml.tmp) are each reported as 1.1MB, the same reported size as the sample itself, so confirm what was written into the renamed files before concluding that their original contents were encrypted.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the victim system's language in order to infer the geographical location of that host.
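The UPX signature above fires on artefacts the packer leaves in the PE. As an added example, not code from this report or from the sandbox's own detection logic, the following Python walks a PE's section table and flags the stock UPX section names (UPX0/UPX1/UPX2) together with the "UPX!" header magic that an unmodified UPX build writes. The image it inspects is a constructed header-only fixture built by build_pe, not the sample from this report.

```python
import struct

# Section names written by stock UPX. A modified build may rename them, so the
# check below also looks for the "UPX!" magic that stock UPX places in its
# packed header.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}


def build_pe(section_names):
    """Construct a minimal PE32 image whose section table carries the given
    names. Test fixture only: it is not the sample from this report and it
    does not contain runnable code."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE header
    size_of_optional = 0xE0                               # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(size_of_optional - 2)
    table = b"".join(n.encode("ascii").ljust(8, b"\0")[:8] + bytes(32)
                     for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + table


def section_names(data):
    """Walk MZ -> PE -> COFF -> section table and return the section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (count,) = struct.unpack_from("<H", data, coff + 2)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(count):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Report UPX section names and header magic; verdict is True if either is present."""
    names = section_names(data)
    hits = [n for n in names if n in UPX_SECTION_NAMES]
    magic = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": hits,
        "upx_magic": magic,
        "verdict": bool(hits) or magic,
    }


# Constructed fixtures, not files from the report.
SAMPLE_PACKED = build_pe(["UPX0", "UPX1", ".rsrc"])
SAMPLE_PLAIN = build_pe([".text", ".data", ".rsrc"])

if __name__ == "__main__":
    for label, blob in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(label, looks_upx_packed(blob))
```

Both indicators are cheap to strip: a modified UPX build can rename the sections and overwrite the magic, which is why the signature description says "UPX/modified UPX" and why a triage workflow backs this up with section entropy and import-table size rather than names alone.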

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ce07ebd2f1c4d55b9caa6af7d461b02adab42c31ddbff2b9b7ea8b3c8d38cfcN.exe
    "C:\Users\Admin\AppData\Local\Temp\1ce07ebd2f1c4d55b9caa6af7d461b02adab42c31ddbff2b9b7ea8b3c8d38cfcN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    1.1MB

    MD5

    df395f56588d1e382e4a1f415477f527

    SHA1

    f66941c5875823162cbdd32e519b5e8e1217acb0

    SHA256

    73a7b5cf0ddf5efa22bce0f3631e4b60d6d2b4407fc0d74cf137aaeb66790253

    SHA512

    100c718cd92e503fabe95738013724ab8d43789e87c860f3095fe669b37a16594bda6b03dd66da726ddbb68b8c1dafcf0ac32f15b885fcf1ac40e07527d39570

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    1.1MB

    MD5

    d7194adc75c44791467f7d86d26029c9

    SHA1

    392eb5edd7ab49e3556b2a09e107eb93d25fe72b

    SHA256

    2103862b1f91879ecddcfc06a342b0aa30851f74548387fc0dc049e7a863e806

    SHA512

    6d96a390c51160e4c2730ecad0dafad3397febfa5c4395de31beba2055bfeeb3c7cd4f42c24ebf88d56609f820a432d866b92b237d931cb6d249559b956d36a6

  • memory/2032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2032-62-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
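The .tmp files above are the kind of trace the "Renames multiple files with added filename extension" signature counts. As an added example, not code from this report's sandbox, the following Python implements that heuristic over a constructed file-event log: it reuses the two paths listed under Downloads, makes up the remaining "Program Files" entries as filler, and uses a threshold of 10 renames per process and extension, which is an assumption since the report does not state the sandbox's cut-off.

```python
from collections import defaultdict

# Constructed sandbox file-event log, not from the report. One event per line:
# pid|operation|source path|destination path (empty for non-rename operations).
# The first two paths are the ones listed under Downloads above; the
# "Program Files" entries are made-up filler so the count crosses the threshold.
_RENAMED_BY_2032 = [
    r"C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
] + [rf"C:\Program Files\Common Files\example{i}.dat" for i in range(10)]

EVENTS = "\n".join(f"2032|rename|{p}|{p}.tmp" for p in _RENAMED_BY_2032) + "\n" + "\n".join([
    # one legitimate-looking temp rename by another process: should not trip the threshold
    r"1488|rename|C:\Users\Admin\Documents\notes.txt|C:\Users\Admin\Documents\notes.txt.tmp",
    # an extension *change* rather than an appended extension: not counted
    r"2032|rename|C:\Users\Admin\Documents\report.docx|C:\Users\Admin\Documents\report.pdf",
    # a plain create of a .tmp file: not a rename, not counted
    r"2032|create|C:\Users\Admin\AppData\Local\Temp\work.tmp|",
])


def added_extension(src, dst):
    """Return the extension appended to src to form dst (e.g. 'tmp' for
    desktop.ini -> desktop.ini.tmp), or None when dst is not src plus exactly
    one new extension. Comparison is case-insensitive, as NTFS names are."""
    if not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    if not ext or any(c in ext for c in ".\\/"):
        return None
    return ext.lower()


def scan(events, threshold=10):
    """Count, per process and per appended extension, the distinct files
    renamed by appending that extension, and return (pid, ext, count) for
    every pair at or above threshold."""
    per_pid = defaultdict(lambda: defaultdict(set))
    for line in events.splitlines():
        if not line.strip():
            continue
        pid, op, src, dst = line.split("|")
        if op != "rename":
            continue
        ext = added_extension(src, dst)
        if ext is not None:
            per_pid[int(pid)][ext].add(dst.lower())
    return [(pid, ext, len(paths))
            for pid, exts in per_pid.items()
            for ext, paths in exts.items()
            if len(paths) >= threshold]


if __name__ == "__main__":
    print(scan(EVENTS))  # [(2032, 'tmp', 12)]
```

The check deliberately ignores extension changes and bare file creates, because installers and Office itself produce both routinely; what distinguishes the ransomware pattern is one process appending the same extension to many unrelated files. The count alone says nothing about what was written, so in a real triage the next step is to compare the 1.1MB .tmp files above byte-for-byte against the 1.1MB sample.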