Overview

overview

10

Static

static

10

7e09b9eb64...e5.exe

windows7-x64

9

7e09b9eb64...e5.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e09b9eb64c8877b4af4b2ee8d2727a8b657f6bc9a3582eb5829fbadf16060e5.exe

  • Size

    81KB

  • MD5

    eb817201d77c3e9b1d8342688dd5fa63

  • SHA1

    2304b9ca82cf20856ef351db2c42d55c59838f76

  • SHA256

    7e09b9eb64c8877b4af4b2ee8d2727a8b657f6bc9a3582eb5829fbadf16060e5

  • SHA512

    b2d64a4fcf067385a9c1de60d66d37d0036cd40dc8f3f44abe5be5cd57d7e4778fa84d9cd3d42105803bdfd089eae7b3a2ee2eceac697e8cca260933deed1c30

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8yiDG9:fnyiQSoF

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4846) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e09b9eb64c8877b4af4b2ee8d2727a8b657f6bc9a3582eb5829fbadf16060e5.exe
    "C:\Users\Admin\AppData\Local\Temp\7e09b9eb64c8877b4af4b2ee8d2727a8b657f6bc9a3582eb5829fbadf16060e5.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
    Filesize

    81KB

    MD5

    54667c70e0aec466155889ad0cb4bb29

    SHA1

    eb6167cc79aaf619e1e37f6d2a6c82689e31eff6

    SHA256

    4c637b6ef95e9109242d550b47e54b2c3e174fd19a1ffc3065df1a8a3e2678df

    SHA512

    f65762a112d662133b18a0c0fe813183ebed9f212f99edfb4f18c7a7fc3d4e0f0d7aa8695481ca68d2a23b6fd0a1c74dc8760a6e2a6718bdc86d1996b9dd3211

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    180KB

    MD5

    167397787ee30dd31a1c27bb182f2790

    SHA1

    dededbee4de3da0b335ed2432d5ec7c3f131f29a

    SHA256

    88d9074b763a7636c37c8ad5253ad26d57b91538f588d140698f4833a6bf4587

    SHA512

    63cf18defdc8c6d6d49a020144d38d539815381f2c94ca6b044e7d2b240609f0061f6ad4ce0bff640b41b6359c2413a24b2e274ee689d8cdfa960430a7688075

    Download Submit

  • memory/1532-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1532-1782-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download