Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    30/11/2024, 05:16

General

  • Target

    c1d1f48f7d75faf372edc3d5142a459234e87963b6b7f9ceb60258f34ef27643N.exe

  • Size

    94KB

  • MD5

    b50603db66413f03c2c2d396c1e05dc0

  • SHA1

    9aa8417c78819573d421c08546e9386a814649f1

  • SHA256

    c1d1f48f7d75faf372edc3d5142a459234e87963b6b7f9ceb60258f34ef27643

  • SHA512

    895c6903c4240af9edd75d06c68b9dec82d3e264745f12162f091a9938fc8410a91f25b908b018be71b6bb4f516f63729a381d2f6fa63fe38e077e244f8eea24

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTBHfiP3zHQYL5HRXxkcKck:fny1tESQM5HRXxkBck

Malware Config

Signatures

  • Renames multiple (4338) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and each one is renamed with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
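The "UPX packed file" signature above keys on the packer's telltale layout. As an added example that is not part of this report or of the sandbox's own detection logic, the following Python builds a minimal constructed PE image (not the sample analysed here) and reads its section table to flag the stock UPX section names (UPX0/UPX1) and the "UPX!" header magic. The helper names and the "two UPX sections" threshold are assumptions for the example; a modified UPX build that renames its sections and patches the magic defeats both checks, which is why the signature text also refers to modified UPX and why an entropy or import-table check belongs beside this one in practice.

```python
import struct

UPX_MAGIC = b"UPX!"  # marker stock UPX writes into its packed image header


def build_fake_pe(section_names, include_magic=False):
    """Constructed minimal PE image for exercising the parser: MZ stub with
    e_lfanew, PE signature, COFF header, no optional header, and one 40-byte
    section header per name. It is not loadable and is not the report's sample."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for name in section_names
    )
    tail = UPX_MAGIC if include_magic else b""
    return bytes(dos) + b"PE\x00\x00" + coff + sections + tail


def pe_section_names(data):
    """Return the section names listed in a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt  # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def upx_evidence(data):
    """Collect the indicators a UPX signature typically keys on."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "has_magic": UPX_MAGIC in data,
    }


def looks_upx_packed(data):
    """Stock UPX: at least two UPX* sections (UPX0 receives the unpacked image
    at run time, UPX1 holds the compressed data) or the UPX! magic present."""
    ev = upx_evidence(data)
    return len(ev["upx_sections"]) >= 2 or ev["has_magic"]


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"], include_magic=True)
    clean = build_fake_pe([".text", ".rdata", ".data", ".rsrc"])
    print("packed:", upx_evidence(packed), looks_upx_packed(packed))
    print("clean: ", upx_evidence(clean), looks_upx_packed(clean))
```

To run it against a real file, replace the constructed image with `open(path, "rb").read()`; the parser only touches the headers, so it is safe on large inputs, and it raises rather than guessing when the MZ or PE signature is missing.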

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1d1f48f7d75faf372edc3d5142a459234e87963b6b7f9ceb60258f34ef27643N.exe
    "C:\Users\Admin\AppData\Local\Temp\c1d1f48f7d75faf372edc3d5142a459234e87963b6b7f9ceb60258f34ef27643N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1200
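The signature "Renames multiple (4338) files with added filename extension" is the behaviour a ransomware detection would fire on, and the dropped-file list further down shows .tmp copies under both user and Program Files paths. As an added example that is not part of this report or of the sandbox's own signature, the following Python shows the shape of such a detection: it consumes rename events as (pid, old_path, new_path) tuples, keeps only renames where the new name is the old name plus one extra extension, and alerts per process once enough files in enough distinct directories are hit. The event tuples, paths and thresholds are constructed for the example; a real deployment would feed it Sysmon or EDR file-rename telemetry. The directory threshold is there because benign installers and updaters also append .tmp, but they do so to a handful of files in one staging directory.

```python
from collections import defaultdict
import ntpath


def build_sample_events():
    """Constructed rename events (pid, old_path, new_path); not from the report."""
    events = []
    victim_dirs = [
        r"C:\Users\Admin\Documents",
        r"C:\Users\Admin\Pictures",
        r"C:\Program Files\7-Zip",
        r"C:\$Recycle.Bin\S-1-5-21-111-222-333-1000",
    ]
    # One process appending ".tmp" to every file it touches, across directories.
    for d_idx, d in enumerate(victim_dirs):
        for i in range(6):
            old = ntpath.join(d, f"file{d_idx}_{i}.dat")
            events.append((1200, old, old + ".tmp"))
    # Benign updater finishing a download: suffix removed, opposite direction.
    events.append((4520, r"C:\Users\Admin\Downloads\setup.exe.part",
                   r"C:\Users\Admin\Downloads\setup.exe"))
    # Benign installer staging a few .tmp files in a single directory.
    for i in range(3):
        old = ntpath.join(r"C:\Users\Admin\AppData\Local\Temp\inst", f"pkg{i}.cab")
        events.append((4520, old, old + ".tmp"))
    return events


def appended_extension(old_path, new_path):
    """Return the appended extension (lower-cased, without the dot) when
    new_path is old_path plus exactly one extra ".ext"; otherwise None.
    Renames that change the directory or drop a suffix do not count."""
    if not new_path.startswith(old_path + "."):
        return None
    tail = new_path[len(old_path) + 1:]
    if not tail or any(sep in tail for sep in "\\/"):
        return None
    return tail.lower()


def detect_mass_rename(events, min_files=20, min_dirs=3):
    """Group qualifying renames by (pid, appended extension) and alert when a
    single process has renamed at least min_files files spread over at least
    min_dirs distinct directories. Thresholds are example values."""
    per_proc = defaultdict(lambda: defaultdict(set))  # pid -> ext -> {old paths}
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        per_proc[pid][ext].add(old)

    alerts = []
    for pid, by_ext in per_proc.items():
        for ext, files in by_ext.items():
            dirs = {ntpath.dirname(f).lower() for f in files}
            if len(files) >= min_files and len(dirs) >= min_dirs:
                alerts.append({
                    "pid": pid,
                    "extension": ext,
                    "files": len(files),
                    "directories": len(dirs),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(build_sample_events()):
        print("mass rename with added extension:", alert)
```

In the constructed data PID 1200 trips the rule (24 files, 4 directories, extension "tmp") while PID 4520 stays quiet, because its three .tmp renames sit in one directory and its download completion removes a suffix rather than adding one. Tune min_files and min_dirs to the environment; the sandbox's own count of 4338 renamed files is far above anything a legitimate updater produces in a two-minute run.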

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

          Filesize

          95KB

          MD5

          a472ec7187200fe87c816119f51652f9

          SHA1

          4235cc05ac88fcd00b6aedf63f857ca3e6a3548c

          SHA256

          05b013eb6a8cf6f721b18498d11d0a96567886e413bd117a4aa02960c4f91064

          SHA512

          eb09b8c33e0a0dd55b8c1026fbea023f444da526ae6fdd2c73932bc629c4689115031fbdac97563ffdb12102d097a63a320a8d1811c0fd841f6fc387b6302132

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          193KB

          MD5

          70de1194c1af6f0273aef314a70e4468

          SHA1

          257fe523f5f9b2f0cd9e821a028665b03dedf359

          SHA256

          f65e3b07734aa411270d03760acfd5e64450a0ebfb76ef19fc7b800ec680c040

          SHA512

          cbae5e625af1ed6fd9ff38668ef77246e50b2adf158ff313f0571c984641d827c375d00f05581fdbe37c79d7b1a327402534797577bd682b0367de4cbe790bfa

        • memory/1200-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1200-700-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB