Overview

overview

10

Static

static

10

3d65a15918...16.exe

windows7-x64

9

3d65a15918...16.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3d65a159184eec3ab4a16f954f4af5d1b014d4fbe34c651da9799615028e0816

  • Size

    99KB

  • Sample

    240201-jcdvxsgdhk

  • MD5

    7a5fae06458a7a25e9b4bc8fe8f4eb46

  • SHA1

    c90824742757a5ffb85d8fdfa501e92d6c9cfe7d

  • SHA256

    3d65a159184eec3ab4a16f954f4af5d1b014d4fbe34c651da9799615028e0816

  • SHA512

    c73c855e84fa4355912a19b2c82c0935fe41d110c2e721664b22ce71583489b6ea69d27f8fdb6e71f0fd16f03d4640d7c38b6f872a6460fded9b102cbf301ff1

  • SSDEEP

    3072:iU52dzp69jGVBKVpFm2/Y9OWA8p3LXnYIa+lz4x8:cg9jG4j9vWA8xLXHbz

Score
10/10
ransomwareupx

Malware Config

Targets

    • Target

      3d65a159184eec3ab4a16f954f4af5d1b014d4fbe34c651da9799615028e0816

    • Size

      99KB

    • MD5

      7a5fae06458a7a25e9b4bc8fe8f4eb46

    • SHA1

      c90824742757a5ffb85d8fdfa501e92d6c9cfe7d

    • SHA256

      3d65a159184eec3ab4a16f954f4af5d1b014d4fbe34c651da9799615028e0816

    • SHA512

      c73c855e84fa4355912a19b2c82c0935fe41d110c2e721664b22ce71583489b6ea69d27f8fdb6e71f0fd16f03d4640d7c38b6f872a6460fded9b102cbf301ff1

    • SSDEEP

      3072:iU52dzp69jGVBKVpFm2/Y9OWA8p3LXnYIa+lz4x8:cg9jG4j9vWA8xLXHbz

    Score
    9/10
    ransomwareupx

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Detects command variations typically used by ransomware

    • Detects executables containing many references to VEEAM. Observed in ransomware

    • Detects executables referencing many IR and analysis tools

    • Renames multiple (342) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies boot configuration data using bcdedit

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks