Analysis

  • max time kernel
    119s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2025 22:05

General

  • Target

    0e5248d959a16bfa3daaff1dc9fac8c58a63f3627210a1c527e68c79044d0f61.exe

  • Size

    204KB

  • MD5

    1a296e047ceefb32186f0898e1df51cc

  • SHA1

    d4963f567aeaef91436456e96cf5741b8650a541

  • SHA256

    0e5248d959a16bfa3daaff1dc9fac8c58a63f3627210a1c527e68c79044d0f61

  • SHA512

    84670e8e01e5132772acaa4ba0ff8ce72e7b9bceb69a3e1452fa4015c333b491d5b8449afc6b8fe6d802c11ac309c8ef7594afc7e25440ad7d09eaed3bce6f2a

  • SSDEEP

    3072:fny1tEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiPI:KbEyyj2yAIJbIjNDv0bNXkbvLiPI

Malware Config

Signatures

  • Renames multiple (2235) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and a new extension appended to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host (MITRE ATT&CK T1614.001).

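The following Python is an added example, not part of the sandbox report or its signature engine. It implements the logic behind the "renames multiple files with added filename extension" signature over a constructed set of file-rename events in an assumed `FileRename <src> -> <dst>` format: it keeps only renames where the destination is the source path plus a new dotted suffix, tallies the appended extensions, and flags the run when a single extension dominates past a threshold (the default of 50 is an assumption for the example; the report's own count was 2235). Renames that change an extension in place (setup.tmp -> setup.exe) are deliberately not counted, since those are ordinary installer behaviour rather than encryption markers.

```python
import re
from collections import Counter

# Constructed sandbox file-event lines in an assumed "<op> <src> -> <dst>" format.
# They are illustrative input for this example, not events taken from the report.
SAMPLE_EVENTS = """\
FileRename C:\\Users\\Admin\\Documents\\report.docx -> C:\\Users\\Admin\\Documents\\report.docx.locked
FileRename C:\\Users\\Admin\\Pictures\\cat.jpg -> C:\\Users\\Admin\\Pictures\\cat.jpg.locked
FileRename C:\\MSOCache\\All Users\\Office64WW.xml -> C:\\MSOCache\\All Users\\Office64WW.xml.locked
FileRename C:\\Program Files\\Common Files\\x.dll -> C:\\Program Files\\Common Files\\x.dll.locked
FileRename C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.tmp -> C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.exe
FileRename C:\\Users\\Admin\\Desktop\\notes.txt -> C:\\Users\\Admin\\Desktop\\notes.txt.bak
FileCreate C:\\Users\\Admin\\Desktop\\README.txt
"""

# Assumed line shape; a real sandbox export would need its own parser.
RENAME_RE = re.compile(r"^FileRename (?P<src>.+?) -> (?P<dst>.+)$")


def parse_renames(text):
    """Return (src, dst) pairs for every FileRename line; other ops are skipped."""
    pairs = []
    for line in text.splitlines():
        m = RENAME_RE.match(line.strip())
        if m:
            pairs.append((m["src"], m["dst"]))
    return pairs


def added_extension(src, dst):
    """Return the suffix appended to src if dst is src plus a new '.ext', else None.

    The comparison is case-insensitive (NTFS path semantics). A suffix that does not
    start with '.' or that contains a path separator is not an added extension.
    """
    if len(dst) <= len(src) or dst[: len(src)].lower() != src.lower():
        return None
    suffix = dst[len(src):]
    if not suffix.startswith(".") or len(suffix) < 2 or "\\" in suffix:
        return None
    return suffix.lower()


def detect_mass_rename(text, threshold=50):
    """Tally appended extensions and flag when one extension dominates past threshold.

    Keying the decision on the most common extension rather than the raw total keeps
    a burst of unrelated renames (backups, installers) from tripping the rule; the
    threshold value itself is an assumption and should be tuned per environment.
    """
    tally = Counter()
    for src, dst in parse_renames(text):
        ext = added_extension(src, dst)
        if ext:
            tally[ext] += 1
    total = sum(tally.values())
    dominant = tally.most_common(1)[0] if tally else (None, 0)
    return {
        "renames_with_added_extension": total,
        "dominant_extension": dominant[0],
        "dominant_count": dominant[1],
        "flagged": dominant[1] >= threshold,
    }


if __name__ == "__main__":
    # Low threshold so the constructed sample trips the rule.
    print(detect_mass_rename(SAMPLE_EVENTS, threshold=3))
```

The dominant extension the detector reports is the first thing a responder wants from a run like this: it identifies the family's marker extension and gives a search key for scoping affected hosts and for matching the sample against public decryptor lists.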
Processes

  • C:\Users\Admin\AppData\Local\Temp\0e5248d959a16bfa3daaff1dc9fac8c58a63f3627210a1c527e68c79044d0f61.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0e5248d959a16bfa3daaff1dc9fac8c58a63f3627210a1c527e68c79044d0f61.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2380

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

    Filesize

    205KB

    MD5

    dd552676bbd280eb15e415c465eedcbc

    SHA1

    a1461dcddb851cf5ea45cb4eeef48b58a70fd37c

    SHA256

    18c85e2ff2bff5f1619a4dec276f0ee72f4d1075b5ad2ce08544a3b1ced77a3c

    SHA512

    5d38fbe7c0e5573ed5df153cd9757893130c420b38e932e68dfdcaf137b9fadaf1bc0bacd6ae10b4825d4d0323f0b0b96df6802d6edb0ac37c31445758e82ac6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    213KB

    MD5

    b884ec9fbce1cc7c5bdd2bc022f2b7f1

    SHA1

    841617e7a1cdb8e2b892696fced294ba1801dda1

    SHA256

    a6b13e7960cc154d1b147aa2ea29ab6d6412e7a3770b40784c13ca4654d20605

    SHA512

    885e6602ed1b611fbfd21a766077f41db78182e4bde7693d4f499060917baad8a99ac8d699ea5b9426605653035a7bf999dce926867e703fd0dcd5b3eac73f66

  • memory/2380-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2380-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB