Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2025, 22:24

General

  • Target
    c41066571e383ce9945a4e6e18e5aeafff67360477fc73eb6cf7fe53b71fc52f.exe
  • Size
    230KB
  • MD5
    e9f12fdd671175c111b76b40aa5be81b
  • SHA1
    2aa7dab729c90b5f903edb2f28b68d598425760c
  • SHA256
    c41066571e383ce9945a4e6e18e5aeafff67360477fc73eb6cf7fe53b71fc52f
  • SHA512
    bfa0c674660ec880d1429bcdd9451d97adc95e60c01da6bec48328f26b8446a34e976ed88a2820776671af9246d5ba04165edca09ae36ed8f6b032769e8f6563
  • SSDEEP
    6144:KbEyyj2yAIJbIjNDv0bNXkbvLiPVFJ7on3NX:WyAUbIZGNXkbvLyon3NX

Malware Config

Signatures

  • Renames multiple (2651) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c41066571e383ce9945a4e6e18e5aeafff67360477fc73eb6cf7fe53b71fc52f.exe
    "C:\Users\Admin\AppData\Local\Temp\c41066571e383ce9945a4e6e18e5aeafff67360477fc73eb6cf7fe53b71fc52f.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
    Filesize
    230KB
    MD5
    0a8052ce30d9b3c59553391aebe5c15f
    SHA1
    a753a49315be6a70f61686df2136757e12f57aa6
    SHA256
    d7ee145f977b03f2ed3a44c5ad6bcf7a8d686104d57fcee2cd9d43d5cd0eeb43
    SHA512
    0b857bdd934498d2c1bcd98793af6d875b4251c6cd96728512c0dcadb74de72083cde18e5d7d972ad4f0b6ebc05826d66ff9c774cf3968e0d872611184068f82

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    239KB
    MD5
    95f1f2216466f45c6d22101d69d52159
    SHA1
    badeb59421709fd0c5d615541b4a023f79468d0f
    SHA256
    b589b2ad1e146d9e2d85bf9285fccfe69db55a977ede91b19edded7f3bd8efb8
    SHA512
    5555762a96f55242405f6f514b1f194a8b073a93df045230ef78ed3027bffa4e7fe619d9843cd731db7161ddb3fb3b5f174991c273dde7e1254f7d563111df89

  • memory/1804-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/1804-70-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB