Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2025 21:43

General

  • Target

    8ca396acb6e472dace394c39cc609733778444b62f43b5a6af9e4942ce4c98d2N.exe

  • Size

    105KB

  • MD5

    f69cbade6dd91fb4fc9d0b45f007d180

  • SHA1

    f0200ddfdb21b44ebe98045b20408ab65243ca04

  • SHA256

    8ca396acb6e472dace394c39cc609733778444b62f43b5a6af9e4942ce4c98d2

  • SHA512

    f3de1b1a059c8b832c4cdbce7987ba321d2cadc9c7e22bfc8334699da40a537fb10a02658ea0d9f33ef65bc82fa8ac08236e018d0071f927e83172a6d73558ad

  • SSDEEP

    1536:a7ZyqaFAxTWbJJZENTBmRPsdj2hkAeCgI3i0CJS1Il+lM1hiC2CaS6:enay2tEyyj2yAeCgjJeS6

Malware Config

Signatures

  • Renames multiple (3135) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ca396acb6e472dace394c39cc609733778444b62f43b5a6af9e4942ce4c98d2N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ca396acb6e472dace394c39cc609733778444b62f43b5a6af9e4942ce4c98d2N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    106KB

    MD5

    310b7306e2a0d633e43604d99d0fabf3

    SHA1

    23061740d4222db10006ac1d6f4b673405d2715d

    SHA256

    b068ee7e1b126f8f0420bae68f71b33daf1897955011c24f98406cace506013a

    SHA512

    84e4fd952ab5443d4a94cb53a501284ebee490f3eed90b9a3a4768db28ea25789c43a1ac644f53b6df8a93137d8e2484d1dfe8adc095c9770629ad3a29b48f67

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    114KB

    MD5

    1230931b5af1d5efcd09e5ec3bc7deed

    SHA1

    37ebb4fe0090acb4bf38ead262c9c6ea7963ee5f

    SHA256

    f0fac3a96ba4afa3bedaa90b574608ef9d1a497abd8ac47ab2c4ce2862d8c0bb

    SHA512

    73324ba47a760e041b8f36b14d711344b55d36ad64c79102f004e0320d309e3122884028c6ea53352a836ca38d46c86330e72fa0a3de33fc2f0e8aeb824373f7

  • memory/2112-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2112-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB