Overview

overview

10

Static

static

10

a9c9555028...8c.exe

windows7-x64

9

a9c9555028...8c.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/05/2024, 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9c9555028904a36a1e7bb7fdd55b995b760a716f2e9dfad85b8ea47f74af38c.exe

  • Size

    181KB

  • MD5

    81fb600cfed4ee6262a6e8ae959281ba

  • SHA1

    ff35f6367ba35037a98609747103a35336f07da4

  • SHA256

    a9c9555028904a36a1e7bb7fdd55b995b760a716f2e9dfad85b8ea47f74af38c

  • SHA512

    b19a199bec0a6c1b73aee85f3d8f766447e4697214e1633f925f868ea56729a20b5a6370e1390b39ae7357b33f06d55655fa280817db2bb7235d1f2ce13b0e14

  • SSDEEP

    3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIutclcF:JiQSo1EZGtKgZGtK/CAIuZAIuz

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3275) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9c9555028904a36a1e7bb7fdd55b995b760a716f2e9dfad85b8ea47f74af38c.exe
    "C:\Users\Admin\AppData\Local\Temp\a9c9555028904a36a1e7bb7fdd55b995b760a716f2e9dfad85b8ea47f74af38c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
    Filesize

    181KB

    MD5

    4c78b9cae897885ce3c097f02a18946b

    SHA1

    b73b9df98a36f88202dd0548813493a32073965e

    SHA256

    2531212966d0d61af6908c48b42ad1b9b65a2be7978bdca0ba65cc0123d8e827

    SHA512

    047936608a667d4578857f043fd0f9883934ae262b54ad0b02582344c0953cc061aa4c56236584478bb611cf9704d4dbfda1642d4e97d6706f9bbb4c3d7824ee

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    190KB

    MD5

    dd0c3845d5edcdf5a7dfd1a5f427063f

    SHA1

    81d26fc23d6ece1ae1dbb51fa08e3a1491cdcb6b

    SHA256

    8a4b5f446f9b0c38a7b645a4c95dd825e75b87d3c1c757da144535554033dd1b

    SHA512

    f3bdcd81b6392053ff06b8c180e2b2e649af3e345ea82bf5cbd94077486cbd52ab39bea38488f354f6c0e8c03dd3f8a8a9c5440712c83139597d5c78ebfd9340

    Download Submit

  • memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2164-634-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download