General

  • Target

    ef0a29833d401dfbfecb1b2fea097c0d54387bd316a367def28a83da4cbad8ed

  • Size

    174KB

  • Sample

    240501-fenw5agb8z

  • MD5

    8c7baf8bd89f2384bc0e02340a07b7a0

  • SHA1

    2c76f2ae22749884c94052b88af3e0db173464e3

  • SHA256

    ef0a29833d401dfbfecb1b2fea097c0d54387bd316a367def28a83da4cbad8ed

  • SHA512

    d107c621b950e92d8775b049edcc2c9ea48ccd16b324df9b82a6991c10ec11983789d598eb845bd5268676f7dea23ddb4909baa3c8e79ea8b468cf6dd0449682

  • SSDEEP

    3072:+nymCAIuZAIuYSMjoDnymCAIuZAIuYSMjof:JmCAIuZAIuDMvmCAIuZAIuDMQ

  • Score

    10/10

Malware Config

Targets

    • Score

      9/10

    • Renames multiple (4999) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks