Overview

overview

10

Static

static

10

b38e361559...99.exe

windows7-x64

9

b38e361559...99.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b38e361559fb2d3e8de81f942c6e78a4abc15cef02749973a8ae4faf8c535a99.exe

  • Size

    99KB

  • MD5

    8b3a85c82a3aa8d9d2ef9c4db37fc24b

  • SHA1

    60cb67e914742e8c9f765f3004aeb07b97a91900

  • SHA256

    b38e361559fb2d3e8de81f942c6e78a4abc15cef02749973a8ae4faf8c535a99

  • SHA512

    ebff066c5ea6c5da4f586d824c7d491dd809ad2b5642c9adf942d3ee920515fa38590f8cc482c58c7de32799b9df7d0bffb558ccf5864ca6de99da37f02eaf04

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfA:hfAIuZAIuYSMjoqtMHfhfA

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4891) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b38e361559fb2d3e8de81f942c6e78a4abc15cef02749973a8ae4faf8c535a99.exe
    "C:\Users\Admin\AppData\Local\Temp\b38e361559fb2d3e8de81f942c6e78a4abc15cef02749973a8ae4faf8c535a99.exe"
    1⤵
    • Drops file in Program Files directory
    PID:64

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize

    100KB

    MD5

    a9c0fe963974b706573c79b0a2847ead

    SHA1

    3edfe314be7de79be8736962e79daf7957f5c7cf

    SHA256

    e393ef8133a949f299ea02acbdaba79771b63c93d30681fe331de18fa4ab968f

    SHA512

    2b0ad3f6aeee74733895a21ed765aa2563b7e1b1c797dec1db21b9768081b3cb7509ffcde2b7f2fce0b5408c9b708ac138e2071951072168b48851d2d6ac06c5

    Download Submit
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    198KB

    MD5

    f93c08d2bb979c90144dff13338a7f5e

    SHA1

    4d5a5ad4926f3d9b6b3cdd30a5257b6ec487e668

    SHA256

    ccab7b4a620833a9ecf280f7fbc5d92368e212891112156ff1fbbba03dec85b6

    SHA512

    bc31a1594ef9690ee7d9c1fd11d6969d61c3992dcbed3dca610cbdc6ba2787f1f2337d0190acdd310825bf47b55ef3266b33d86a7df8e31baa8e1de3d2c50ce3

    Download Submit
  • memory/64-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/64-1010-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

    Download