Overview

overview

10

Static

static

10

1d4d3e3c59...9c.exe

windows7-x64

9

1d4d3e3c59...9c.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 19:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1d4d3e3c598586d2cee91b62a8cdc61fc96b91f74d0677e042c9f8018e23f49c.exe

  • Size

    109KB

  • MD5

    3c0f73d083c5290bd202a2394115de06

  • SHA1

    d2e04790346fbbe1b6597582068719af11e6cf83

  • SHA256

    1d4d3e3c598586d2cee91b62a8cdc61fc96b91f74d0677e042c9f8018e23f49c

  • SHA512

    79723a35cac94512151f7f741fa12f5f0b7072518d35a5302a79dacaccc23cde79c657348274fe92652d1cb0d50975e240e4983a08bbf1267b3253d57306fc94

  • SSDEEP

    3072:hfAIuZAIuYSMjoqtMHfhf5SGfFpsJOfFpsJi:hfAIuZAIuDMVtM/XSq

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5016) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d4d3e3c598586d2cee91b62a8cdc61fc96b91f74d0677e042c9f8018e23f49c.exe
    "C:\Users\Admin\AppData\Local\Temp\1d4d3e3c598586d2cee91b62a8cdc61fc96b91f74d0677e042c9f8018e23f49c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3000

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp
          Filesize

          109KB

          MD5

          d6c2b14624f29248c6fa119cff2ed276

          SHA1

          20ccd63d5cb11813fd5f03174fe86bfa7e367f91

          SHA256

          3cba1d350b9ae5b398ecbafedd9b477a02387ec7459e2cfa894391efafebbe1e

          SHA512

          927609ec4ba1ce9844b52304b153d5248b49383dca81273f8c7377e1b6064bf80fa67cd898597b02355f227b3180684873f7abaab1aee5830a0d8c0d3144e4b8

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          208KB

          MD5

          8035087991755bab9e840af08e0906b9

          SHA1

          87bbdd293816e1bcdaa4a39c274f43afb6622199

          SHA256

          835a0d76b1f6719de8631bc4bc8a226abe574208163377ea3c5ab6773868b77a

          SHA512

          9391bcea9c384d3ae3b72f34251056f026bbc0a1b869fa09dd5ab9812a8c7a2078241d6306980a7d5eb74aef15d661ead3e61266d2aab5add63e6e26bfe84b55

          Download Submit

        • memory/3000-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3000-794-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download