Overview

overview

10

Static

static

10

c83ad5fc82...ff.exe

windows7-x64

9

c83ad5fc82...ff.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c83ad5fc82b28b4e714c0c02b8101d830ad6655cd9961221f100466575492aff.exe

  • Size

    67KB

  • MD5

    47aef1f2d37863428c8f8b90aa055c70

  • SHA1

    265319d33018eba4138c5d0a6f0dffca4ab180c1

  • SHA256

    c83ad5fc82b28b4e714c0c02b8101d830ad6655cd9961221f100466575492aff

  • SHA512

    69ce1639585f8fe24c13b6cffcedc95993e10b7de5ada31ae17a149c31a6a7952d603753c4648070d08891f018be86400d9a128b6520e776c5625cd46a457d93

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsX:+nyiQSohsUsX

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5194) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c83ad5fc82b28b4e714c0c02b8101d830ad6655cd9961221f100466575492aff.exe
    "C:\Users\Admin\AppData\Local\Temp\c83ad5fc82b28b4e714c0c02b8101d830ad6655cd9961221f100466575492aff.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    68KB

    MD5

    7b9f7dbf783eeadb9c6573661ab3da7e

    SHA1

    bba78c2f659e666087a56be97e800c047876e5a8

    SHA256

    7fc9490c74f955be1159a603642c97d5b1ffea7abbe3d802053951a3f251ad74

    SHA512

    d58d565374f31726f2b011a314f454ff577215d3c71cd7afe0424ff8935a41bd280ec2a6062063b486446c1da44f81a772e633aa63c5aefa68b0488f7e5585eb

    Download Submit
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    166KB

    MD5

    7f70895f2706deae5f215b1287e4c40d

    SHA1

    7d16f576100b2c35ff0de7d7d8f152b56fee34ce

    SHA256

    c5f31b3783585b26d9462cb97aa5830689a295061c392c3ca8aa279ab802d19b

    SHA512

    7d99375fcce618a451ad8a592ab4bbb201afe6b974ecb52bb6f5dae2ca97481ab6c357d921360389d2e979f89d0734be281f8a47b265a2c5071be62e9b27691d

    Download Submit
  • memory/3588-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/3588-1892-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download