Overview

overview

10

Static

static

10

14bfca54cf...d2.exe

windows7-x64

9

14bfca54cf...d2.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14bfca54cf97bbd0a043e9b4c4441a194bd1fa1d711bd2639a01a74d3c1cf1d2.exe

  • Size

    210KB

  • MD5

    3f813b51c26d1a3af8b6362de15e4c96

  • SHA1

    91f229391b0e4e6e08cea709485d1ad449fedc5a

  • SHA256

    14bfca54cf97bbd0a043e9b4c4441a194bd1fa1d711bd2639a01a74d3c1cf1d2

  • SHA512

    a9e3963b0cc1385bf9e07b320881f5e7139a908926f8ffdc731fbce23026a6f8383ef7644ac10d8f74151c6fd6867694caed93a9a523f4b1be47bf7e376ef28d

  • SSDEEP

    3072:enaym3AIuZAIuYSMjoqtMHfhfA6W2QZwKS7T:wHm3AIuZAIuDMVtM/y2ZKS7T

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4678) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14bfca54cf97bbd0a043e9b4c4441a194bd1fa1d711bd2639a01a74d3c1cf1d2.exe
    "C:\Users\Admin\AppData\Local\Temp\14bfca54cf97bbd0a043e9b4c4441a194bd1fa1d711bd2639a01a74d3c1cf1d2.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp
    Filesize

    210KB

    MD5

    b5621ab4323501033f3cceb84a8c9255

    SHA1

    145d5a21c668991a2c65bace7d2bebaf4f498860

    SHA256

    ffc0c3e66696da34e6c4c691655cc9910c6b4a9b497809f06b06423fc877aadd

    SHA512

    733950f633a56e39cd0e99f13d74d40dbc6c1479b9548b766edcd003efefb28c4faab2491b86108f2d7b149de9b25921876e3a0bcfd3bdfa5e411ab10c7984e1

    Download Submit
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    309KB

    MD5

    78ebe4c21eb41155128f0477d068ecbe

    SHA1

    c246b360c2c368cb2903b0f390a01a3c02ca12fc

    SHA256

    065626a05ce1ea758a689044523dbf7fdd919cd41c8b4495f731757ff68cb79f

    SHA512

    0e3d20e104a3d18d283728035ae5b29d891f7158909a79dd24e166a8d372e093dab9a8c64715e21f1e3acc07ca8da6b3700a255708467168ae00aca67fa815a8

    Download Submit
  • memory/2480-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/2480-1632-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download