Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-11-2024 01:27

General

  • Target
    2c80a5efbd858bc80bbecb2bb3facce7cd8884d5068ca842478a11a71502d7a7.exe
  • Size
    164KB
  • MD5
    c6da8e3ca59c6c8ebd068bc59382913d
  • SHA1
    7769e796446ee50437427f0f3f2f8d2ed1048eff
  • SHA256
    2c80a5efbd858bc80bbecb2bb3facce7cd8884d5068ca842478a11a71502d7a7
  • SHA512
    b3e1ffb4085d00e8a05b0b3c07ab900586a3c803a868b8d290d2d2b831701b1f640563c122001897f195caf424305f7af76d3555afce87f100dc734d96474a8d
  • SSDEEP
    3072:fny1tEzJLJWWHIjN3tj6qnv0b2UrXkbvLY:KbEJIjNDv0bNXkbvLY

Malware Config

Signatures

  • Renames multiple (2817) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c80a5efbd858bc80bbecb2bb3facce7cd8884d5068ca842478a11a71502d7a7.exe
    "C:\Users\Admin\AppData\Local\Temp\2c80a5efbd858bc80bbecb2bb3facce7cd8884d5068ca842478a11a71502d7a7.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp
    Filesize
      164KB
    MD5
      04969ab239bb20d8f930cc4fbb2bfa03
    SHA1
      62efd49c8ce5f1dc7b793ed3006ebbae23bfb05d
    SHA256
      edc3111d202c6f1295c6b5f217743156a90ba411d6fae1bafeb5cbf5045520aa
    SHA512
      3f592b2685088af1de1530bbe053393d509b57fb163c95bc35d2a2012673898a7e86abfab537456b8a411916ec6cc1a9426231451901961189c841f912338b9f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
      173KB
    MD5
      ce960c2d2567120b3bcf8df35d61fc69
    SHA1
      6f48b56075b3cdd97383fc11e718923b5177b265
    SHA256
      1feac04e1371b1f0a1468cdec18b5016e57ce5356b7fe7ca25998b86f47b1bf5
    SHA512
      9fe02a455e49a1c6928007f4551053d59a3664695817b6c6d71f95290839f92426c78ed32dacaff02f6790ae74fab683b8ab08f2e89491982e63a7c03fcf3ab5

  • memory/1076-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
      44KB

  • memory/1076-70-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
      44KB