Overview

overview

10

Static

static

10

56b8d7edb6...a0.exe

windows7-x64

9

56b8d7edb6...a0.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 22:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56b8d7edb6e8514baf119dddeb24ae77538877403d0a080835d569c3e243a7a0.exe

  • Size

    56KB

  • MD5

    0c8fce692678e5d357cc8cec80d906a3

  • SHA1

    617f7e38c69baebaa21accf6e076eab5664d9e10

  • SHA256

    56b8d7edb6e8514baf119dddeb24ae77538877403d0a080835d569c3e243a7a0

  • SHA512

    1da35ac0c39b73638bcdac44ab4cc84696c364f80577bd0362d599cfd957762011f203d6a1592c3ffb494ed6cf978335675269ec5f97cb16504bd6cac90421cc

  • SSDEEP

    768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFufG7:67Zf/FAxTWY1++PJHJXA/OsIZh

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4863) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56b8d7edb6e8514baf119dddeb24ae77538877403d0a080835d569c3e243a7a0.exe
    "C:\Users\Admin\AppData\Local\Temp\56b8d7edb6e8514baf119dddeb24ae77538877403d0a080835d569c3e243a7a0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize

    57KB

    MD5

    2f75c0a03280b7cc851bd6860021d405

    SHA1

    4459c77b70203a0b81dd3c90dc8a05aab2d478a5

    SHA256

    63368201f5e01002cc92515ff7c7a9bedf117ade31a482a1031626292ed26ac7

    SHA512

    9680c9bcb0295dbb076677440d19a76c2e35d7ff5a5a1a57fee9fe52ab592815351273d7f88e9402cd014974bdd83b0a9cbf3e5b158fccb779ad8c479bda76de

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    155KB

    MD5

    e08aa70580b9c3db3f0c97d142c4dbff

    SHA1

    07c07fe8baffeb1895a8510437ef10d7dd876b9e

    SHA256

    a7151813675ecc9c89fe79481ad56e691bd447b4d4e29b10510a553dfea00db9

    SHA512

    65fc33418e714d0c8c871ca84126438b6e7db2ad016b215f4527676e9a025041356ba9ea956e693cbc9542922dcba70e7c18f3bc34aa2db071cb829fb2806d84

    Download Submit

  • memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3032-1780-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download