General

  • Target: 135462944d32f7944a2d80dabfd02d06725a159e9bb34410ef6eb64857ba9a92
  • Size: 209KB
  • Sample: 240424-qmba4saf23
  • MD5: 0dd58e139d0867ae811c3ca7e8a47558
  • SHA1: 95ef0471734698b459e212dd1b3195f236a9688d
  • SHA256: 135462944d32f7944a2d80dabfd02d06725a159e9bb34410ef6eb64857ba9a92
  • SHA512: 5f8dabf4dec28d3313048be9ac73a4c385e3db8631ebf3f43b7a528ffde72c0aa96dbca850529b2962b678ce8564ca16a701ff1ff2574c7b1ce4be418431c75c
  • SSDEEP: 3072:hfAIuZAIuYSMjoqtMHfhfKfAIuZAIuYSMjoqtMHfhfC:hfAIuZAIuDMVtM/8fAIuZAIuDMVtM/Y

Score
10/10

Malware Config

Targets

    Score
    9/10
    • Renames multiple (4090) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory
