Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-05-2024 18:10

General

  • Target

    01e961b6baaaf450dbe32e75cfc5b8ec920d381c3105ed416339c033393432a1.exe

  • Size

    42KB

  • MD5

    a0ecb5f758334579201dd8f2f351a1ba

  • SHA1

    22be90d8a16d64a743f81120b50c8840d83ff6ed

  • SHA256

    01e961b6baaaf450dbe32e75cfc5b8ec920d381c3105ed416339c033393432a1

  • SHA512

    c97edd2a206e7a2ec6a1f571660d7226ff2c03c3b5a6962e3db0dd9be0435a3749f799e492cd6267062f16c2577561a2c69d9aafcdfaabdb62970d0989f0c5ad

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQD:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/83

Score
9/10

Malware Config

Signatures

  • Renames multiple (5317) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01e961b6baaaf450dbe32e75cfc5b8ec920d381c3105ed416339c033393432a1.exe
    "C:\Users\Admin\AppData\Local\Temp\01e961b6baaaf450dbe32e75cfc5b8ec920d381c3105ed416339c033393432a1.exe"
    • Drops file in Program Files directory
    PID:2244

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    42KB

    MD5

    cd9d351a6125e06d65ed684bed8f1617

    SHA1

    94aa221b5f54ca80b84fa24a1c90a6084e338f8e

    SHA256

    eaeb32d57cc6590a4b4c53b9c13d8042cae63a0d7b95f3295eb09c1754758287

    SHA512

    294aa6d1a1dc84cd847f15360b8c333169c0f8258c391807e14a761ae697d242754d90ec53a18a337a7b861c154ba6650fbe416750813f56bbc60e9091c1538b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    141KB

    MD5

    3b33b5f6fb1fd92d5e6727599ecef84a

    SHA1

    1bab3f1303b5d77efcf1c7bf2afc8af7885ac94a

    SHA256

    53be4410d00aac15b99ad32f1a84be7a4873d6885369354cb650362ea1cfba21

    SHA512

    557795d3850abe79d49b344489d08a3d18488a2eece27b3a1ce7930d054c914d1aa96eec0048289f01cb3f024ecb96e78f435db2727642b9d3ec2e74830b4c30

  • memory/2244-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2244-1104-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB