Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-05-2024 01:19

General

  • Target

    9ce52f2f72507f4e3776c1346ef2150cb743874795ed56d94ac3cd39473664db.exe

  • Size

    43KB

  • MD5

    2cbc215a225a0aa2bb28c59e97245d21

  • SHA1

    bec683ce978c57f38ed4430bcff9a1fd84066642

  • SHA256

    9ce52f2f72507f4e3776c1346ef2150cb743874795ed56d94ac3cd39473664db

  • SHA512

    646ae3d6012eb54ec4c0dbccad8abb4ce96a6519c4abf3b762be6a5cb570024567a53b81ca54609b1c5711b65aedcde1a083df6554af2e213e47977512c6f369

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzg:CTWn1++PJHJXA/OsIZfzc3/Q8z2xlxr

Score
9/10

Malware Config

Signatures

  • Renames multiple (5134) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) (4 IoCs)
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ce52f2f72507f4e3776c1346ef2150cb743874795ed56d94ac3cd39473664db.exe
    "C:\Users\Admin\AppData\Local\Temp\9ce52f2f72507f4e3776c1346ef2150cb743874795ed56d94ac3cd39473664db.exe"
    1⤵
    • Drops file in Program Files directory
    PID:5012

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
    Filesize

    43KB

    MD5

    a6ad2ff6539aaf04eb4b0f58e1706c55

    SHA1

    5b43edc8dd80319079e6585a527e31c4db1c3971

    SHA256

    e8a8624c128e7c96fe0c24a43618aadaab8bad71e986962785dc97c608c07714

    SHA512

    b6d34936dc03bca3e8ccb44d6d7625ca58a957d79d6241ff0dea9cfa9515b73eec58594293672656b83040ecba84c24e7fbed2b3da12c9a35b8a4e9973f22b2e

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    142KB

    MD5

    474a8819a3f57e720ec1245f0cea43c8

    SHA1

    decb49bbc3f6a2d9ef774f32e77dce0e34ff08c4

    SHA256

    63584204fd1c0e0ff921b920a80f201bec960299577154c884f7790d80ce2dcd

    SHA512

    ed11ebf4df9e2f3879a123ed2fbf686f137e24f122d55bc6b1e276d044a4ed3aa919110da4b4306ca3cdea72150ecda443ca39fc8adefeff0fb09884774026c6

  • memory/5012-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/5012-1108-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB