General

  • Target

    1127652378d9f9b217ab1326d50343669556e8d7dc053ffcd3addaab3181e3a5

  • Size

    144KB

  • Sample

    240524-xjle8sff73

  • MD5

    5a03745681558a0d985b8e14897c1d1b

  • SHA1

    171508e0cf13d726f9c57b3ee880990ab8efae34

  • SHA256

    1127652378d9f9b217ab1326d50343669556e8d7dc053ffcd3addaab3181e3a5

  • SHA512

    626722c64ce3af5d47feec25573f3a88408ecf7fe9305ab96f587ae4a1674b72e4237b92dbac6d8d13a3998cae92d0f6d6d9ff52b6e7e8b503f46e96b955c122

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJ/7Zf/FAxTWY1++PJHJXA/OsIZV:fnyiQSoLnyiQSov

Score
10/10

Targets

    • Target

      1127652378d9f9b217ab1326d50343669556e8d7dc053ffcd3addaab3181e3a5

    • Size

      144KB

    • MD5

      5a03745681558a0d985b8e14897c1d1b

    • SHA1

      171508e0cf13d726f9c57b3ee880990ab8efae34

    • SHA256

      1127652378d9f9b217ab1326d50343669556e8d7dc053ffcd3addaab3181e3a5

    • SHA512

      626722c64ce3af5d47feec25573f3a88408ecf7fe9305ab96f587ae4a1674b72e4237b92dbac6d8d13a3998cae92d0f6d6d9ff52b6e7e8b503f46e96b955c122

    • SSDEEP

      1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJ/7Zf/FAxTWY1++PJHJXA/OsIZV:fnyiQSoLnyiQSov

    Score
    9/10
    • Renames multiple (5516) files, appending a filename extension

      Mass renaming with a common appended extension suggests ransomware activity: the files across the system are being encrypted and rewritten under a new name.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
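The two headline signatures above, the mass-rename heuristic and the UPX packer check, are easy to reproduce outside the sandbox. The following is an added example written for this page, not the sandbox's own signature code or anything extracted from the sample. It assumes a simplified event shape of `(operation, source_path, destination_path)` tuples for filesystem activity (a constructed format, not any particular sandbox's JSON), and it builds a minimal synthetic PE header as a fixture so the section-table walk can be exercised offline; neither the threshold of 50 nor the `.locked` extension comes from the report.

```python
"""Re-implementing two of the report's checks: mass rename with an appended
extension, and UPX packing detected from the PE section table.
Added example; not the sandbox's own rules."""
import re
import struct
from collections import Counter
from typing import Iterable, List, Optional, Tuple

Event = Tuple[str, str, str]  # (operation, source_path, destination_path)


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the appended extension if dst == src + '.<ext>', else None.
    Requiring dst to start with the full src path keeps the file in place and
    excludes ordinary renames that change the stem."""
    if dst.startswith(src):
        tail = dst[len(src):]
        if re.fullmatch(r"\.[A-Za-z0-9_-]{1,16}", tail):
            return tail
    return None


def mass_rename_extension(events: Iterable[Event],
                          threshold: int = 50) -> Optional[Tuple[str, int]]:
    """Return (extension, count) when at least `threshold` rename events append
    the same extension, otherwise None. Threshold is an assumed tuning value."""
    counts: Counter = Counter()
    for op, src, dst in events:
        if op != "rename":
            continue
        ext = added_extension(src, dst)
        if ext:
            counts[ext] += 1
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return (ext, n) if n >= threshold else None


def demo_events() -> List[Event]:
    """Constructed sample activity: 60 encrypt-and-rename events plus noise."""
    events: List[Event] = [
        ("create", "", r"C:\Windows\System32\helper.dll"),
        ("rename", r"C:\Users\victim\notes.txt", r"C:\Users\victim\old_notes.txt"),
        ("rename", r"C:\Users\victim\report.pdf", r"C:\Users\victim\report.pdf.tmp"),
    ]
    for i in range(60):
        src = rf"C:\Users\victim\Documents\file{i}.docx"
        events.append(("rename", src, src + ".locked"))
    return events


def pe_section_names(data: bytes) -> List[str]:
    """Walk the PE section table and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                        # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker;
    modified builds may rename sections, so the marker is checked as well.
    Absence of both is not proof of a clean file."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def build_fake_pe(section_names: List[str], upx_magic: bool = False) -> bytes:
    """Constructed, non-runnable PE header fixture; not the report's sample."""
    pe_off = 0x40
    dos = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = bytearray(20)
    struct.pack_into("<H", coff, 0, 0x14C)              # Machine: i386
    struct.pack_into("<H", coff, 2, len(section_names))
    struct.pack_into("<H", coff, 16, 0xE0)              # PE32 optional header size
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    tail = (b"UPX!" if upx_magic else b"\0\0\0\0") + bytes(12)
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(0xE0) + sections + tail


if __name__ == "__main__":
    print(mass_rename_extension(demo_events()))
    print(looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
    print(looks_upx_packed(build_fake_pe([".text", ".data", ".rsrc"])))
```

The rename heuristic is deliberately narrow: it only counts renames that keep the original path intact and append one dotted suffix, which is the pattern the signature describes, and it reports the dominant suffix so an analyst can pivot on it. The UPX check reads the section table directly rather than trusting a string scan alone; a packer that renames its sections but keeps the `UPX!` marker is still caught, while one that strips both needs entropy or import-table analysis that this example does not attempt.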
