05fbedef56f8cf1b12e719ffca3136ef15d8d3696009ecf884d2b71fd8094953 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

772c627fc0...in.exe

windows7_x64

8

772c627fc0...in.exe

windows10_x64

8

Sharing

General

Target

772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae.bin.zip
Size

30.7MB
Sample

210130-z5cx8xcxba
MD5

8e300d80dcfdac172b7aabb2ed62cbb5
SHA1

b0dd5048ef41dab940d47fac19290197e34cd77c
SHA256

05fbedef56f8cf1b12e719ffca3136ef15d8d3696009ecf884d2b71fd8094953
SHA512

a4384c514b7182aa023e2ee1c132bc95db091269f4a1c9d1beaea9322d4a205381c7beae937f0d16a52589f8b927741a01610977b55c8e54b5ee18d9924b817e

Score

8^/10

discovery evasion ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae.bin.exe

Resource

win7v20201028

discovery evasion ransomware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae.bin.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae.bin
- Size
  
  31.3MB
- MD5
  
  fa9649ba7f76190701b2f1ffaaf4d0df
- SHA1
  
  dac66a285e89ee98cb84488df21f8c43c4acb5d3
- SHA256
  
  772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae
- SHA512
  
  9868a1cc7e9bf361c1d93bad871b88fae0f3c3fa1f15dce1d386f1e78fbda913d30ffd3d407706a34043357727e7db560924ffbd7e1ec4bc5dada7c9e74f6c11
Score

8^/10

discovery evasion ransomware upx
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionransomwareupx

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.