Analysis

  • max time kernel
    152s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-05-2024 02:36

General

  • Target

    b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe

  • Size

    140KB

  • MD5

    0e581cb9ecad0ed77c2e0dbe1e6edc38

  • SHA1

    77df408a9a1fd79c594727f945beb9976ed54f24

  • SHA256

    b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37

  • SHA512

    9928f0cf81daae1ba30fb79a2f098a88e1037f3f6c3944b7bc395def4883619c639b480b6591e8091fa4e11623aa48ed99e067c24de6b013fb2c5a989c84af99

  • SSDEEP

    1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCD:+nymCAIuZAIuYSMjoqtMHfhfmUlk75X

Score
9/10

Malware Config

Signatures

  • Renames multiple (1152) files with added filename extension

    This suggests ransomware activity: files across the system are encrypted and each is renamed with an added extension.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or with a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
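The two UPX signatures above are heuristic checks against the PE section table. As an added example (not the sandbox's signature logic and not code from the sample), the Python script below builds three constructed PE images in memory and applies three indicators to each: stock UPX section names (UPX0/UPX1), the "UPX!" pack-header magic, and the layout of an empty first section followed by a high-entropy second section. The second image has its section names rewritten and the magic removed, as a modified UPX build might do, which is why the layout check is the one worth keeping. The section names, sizes and the 7.0 bits/byte entropy cut-off are assumptions for the demonstration.

```python
import hashlib
import math
import struct

# Added example: heuristic UPX detection over a PE section table. Not the sandbox's
# signature logic; the images below are constructed in memory, not the sample above.

COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER (20 bytes)
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER (40 bytes)
ENTROPY_THRESHOLD = 7.0                      # bits/byte; assumed cut-off for "compressed"


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte of buf (0.0 for an empty buffer)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; one dict per section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsec, _ts, _sym, _nsym, opt_size, _flags = COFF_HDR.unpack_from(image, e_lfanew + 4)
    table = e_lfanew + 4 + COFF_HDR.size + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr, *_rest = SECTION_HDR.unpack_from(
            image, table + i * SECTION_HDR.size)
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "vsize": vsize,
            "rawsize": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def upx_indicators(image: bytes) -> list:
    """Return the UPX heuristics that fire, in a fixed order."""
    secs = parse_sections(image)
    hits = []
    # 1. Stock UPX names its sections UPX0/UPX1 (and keeps .rsrc).
    if any(s["name"].upper().startswith("UPX") for s in secs):
        hits.append("upx_section_names")
    # 2. The UPX pack header starts with the magic "UPX!"; a modified build may scrub it.
    if b"UPX!" in image:
        hits.append("upx_magic")
    # 3. Layout: first section has no raw data but a large virtual size (the unpacked
    #    image is written there at run time); second section is the high-entropy
    #    compressed payload. Renaming the sections does not change this.
    if (len(secs) >= 2 and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
            and secs[1]["entropy"] > ENTROPY_THRESHOLD):
        hits.append("upx_layout")
    return hits


def build_pe(sections) -> bytes:
    """Minimal constructed PE (no optional header, so not loadable) from (name, vsize, raw)."""
    e_lfanew, file_align = 0x40, 0x200
    hdr_end = e_lfanew + 4 + COFF_HDR.size + len(sections) * SECTION_HDR.size
    raw_base = (hdr_end + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = COFF_HDR.pack(0x14C, len(sections), 0, 0, 0, 0, 0x102)  # i386, SizeOfOptionalHeader=0
    table, body, va = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = raw_base + len(body) if raw else 0
        table += SECTION_HDR.pack(name.encode("latin-1").ljust(8, b"\0"), vsize, va,
                                  len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        va += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    return (dos + b"PE\0\0" + coff + table).ljust(raw_base, b"\0") + body


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for compressed data."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


# Constructed images: stock UPX layout, a "modified UPX" with names/magic removed, and unpacked.
PACKED = build_pe([("UPX0", 0x8000, b""),
                   ("UPX1", 0x3000, pseudo_random(0x1000)),
                   (".rsrc", 0x200, b"UPX!" + b"\0" * 0x1FC)])
RENAMED = build_pe([(".text", 0x8000, b""),
                    (".data", 0x3000, pseudo_random(0x1000)),
                    (".rsrc", 0x200, b"\0" * 0x200)])
PLAIN = build_pe([(".text", 0x1000, b"\x90" * 0x800 + b"\xC3"),
                  (".data", 0x100, b"hello\0" * 40)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

On a real sample, read the file into `image` and call `upx_indicators`; an "UPX dump on OEP" signature like the one above is the sandbox's follow-up to this check, capturing memory once the stub has unpacked into the first section and jumped to the original entry point.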

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
    "C:\Users\Admin\AppData\Local\Temp\b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe"
    1⤵
    • Drops file in Program Files directory
    PID:5112
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4016 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1908

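The "Renames multiple (1152) files with added filename extension" signature is a rate check on rename events attributed to one process, here PID 5112. As an added example (not the sandbox's signature and not the sample's own behaviour), the Python below implements that check over constructed rename events: it keeps only renames that append a single extension to a file in the same directory, counts them per (pid, extension) in a sliding time window, and reports pairs that reach a threshold. The report does not show the extension the sample appends, so ".locked" and the timing of the constructed events are assumptions; the benign events are included to show what must not fire.

```python
import ntpath
from collections import defaultdict, deque
from dataclasses import dataclass

# Added example: flag a process that appends the same extension to many files in a
# short window. Not the sandbox's signature; events are constructed, not from the report.


@dataclass
class RenameEvent:
    ts: float   # seconds since start of trace
    pid: int
    old: str    # full path before rename
    new: str    # full path after rename


def appended_extension(old: str, new: str):
    """Return the extension appended by the rename, or None when the rename is anything
    else (moved directory, extension removed or replaced, unrelated new name)."""
    if ntpath.dirname(old).lower() != ntpath.dirname(new).lower():
        return None
    ob, nb = ntpath.basename(old), ntpath.basename(new)
    if not nb.lower().startswith(ob.lower() + "."):
        return None
    ext = nb[len(ob) + 1:]
    return ext if ext and "." not in ext else None


def detect_mass_rename(events, threshold=50, window=60.0):
    """Sliding-window count of appended-extension renames per (pid, ext).
    Returns {(pid, ext): peak count} for pairs that reached `threshold` within `window` s."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        ext = appended_extension(ev.old, ev.new)
        if ext is None:
            continue
        q = recent[(ev.pid, ext)]
        q.append(ev.ts)
        while ev.ts - q[0] > window:      # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            key = (ev.pid, ext)
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts


def constructed_events():
    """1152 renames by PID 5112 (count and PID taken from the report; the '.locked'
    suffix and 50 ms spacing are assumed) plus benign renames that must not fire."""
    events = [RenameEvent(i * 0.05, 5112,
                          rf"C:\Users\Admin\Documents\doc_{i}.docx",
                          rf"C:\Users\Admin\Documents\doc_{i}.docx.locked")
              for i in range(1152)]
    # Browser finishing a download: extension removed, not appended.
    events.append(RenameEvent(3.0, 1908, r"C:\Users\Admin\Downloads\setup.exe.crdownload",
                              r"C:\Users\Admin\Downloads\setup.exe"))
    # User keeping a few backups: appended extension, but far below threshold.
    events += [RenameEvent(10.0 + i, 4321, rf"C:\Users\Admin\Desktop\notes{i}.txt",
                           rf"C:\Users\Admin\Desktop\notes{i}.txt.bak") for i in range(3)]
    # Moved to another directory: not counted even though the name gained a suffix.
    events.append(RenameEvent(20.0, 4321, r"C:\Users\Admin\Desktop\a.txt",
                              r"C:\Users\Admin\Desktop\old\a.txt.bak"))
    return events


if __name__ == "__main__":
    for (pid, ext), n in detect_mass_rename(constructed_events()).items():
        print(f"pid {pid}: appended '.{ext}' to {n} files within the window")
```

The threshold and window are tuning knobs: backup tools and installers also append extensions, but rarely to hundreds of user documents from one process in under a minute, and the per-extension grouping keeps a legitimate ".bak" habit from being mixed with a ransomware suffix.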
    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
      Filesize

      140KB

      MD5

      b0511c2443bcf3a8fef18b47a200afa5

      SHA1

      fdb4a6b4ecc3b1a48c469d794264202dcea478e0

      SHA256

      02290b588a6e9bf77edc1e3a35f98296c8e4a373056803ea44cc278ccc1d2b82

      SHA512

      22295bc120b7a85d30202dad205c7a01a4b1f54784e38e813f503e0628d081c58a42ff2dea05c0ef1e62fbc9d130c6d854d335dfd62dad1e32b2f6d7d1133519

    • C:\libsmartscreen.dll.tmp
      Filesize

      140KB

      MD5

      401c927bc89b91b97646d73512f52f56

      SHA1

      d49666aabcf79b7775a6b6d6e7f63e27ae261453

      SHA256

      a225a804959343a112c07301ec1b3e17383c4d6e07a4b2568f5c875bdce4ad82

      SHA512

      3bb18656d56da1f259bb94b9153a87e7568c79c4ac0c7b72f79da8fcbfa4038bf6b6ef5019679c814374df2dee8957168567ca669926b5d202a8d2db727a00ef

    • memory/5112-0-0x0000000000400000-0x000000000040B000-memory.dmp
      Filesize

      44KB

    • memory/5112-354-0x0000000000400000-0x000000000040B000-memory.dmp
      Filesize

      44KB