Extracted

• • Target

    e724df98ce87ea905e9923017c94322059f1919d27bf6f70d38e2a353ff3a569.exe

  • Size

    4.8MB

  • MD5

    739562b08a6131cce604c0e7ffa1a07d

  • SHA1

    eabe2b22d6af539871b81625c0c3a3efb58afd90

  • SHA256

    e724df98ce87ea905e9923017c94322059f1919d27bf6f70d38e2a353ff3a569

  • SHA512

    457dd85e77bf9bd32275230185b7c350245729afeb7c0eaa50a52bbdc109ed41a0d9a4ecf16a186c3bf163f31e86d91060dcb7f7d64494bcb5f6ee21d8f32c9f

  Score

  10^/10

  matrixdiscoveryevasionpersistenceransomwarespywarestealerupx

  • Matrix Ransomware

    Targeted ransomware with information collection and encryption functionality.

    ransomwarematrix

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Blocklisted process makes network request

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Sets service image path in registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2