Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-05-2024 01:35

General

  • Target

    b8d2df275f003d5179e86c1d0740ba5793f977ed476371e8582a9cb13066b382.exe

  • Size

    62KB

  • MD5

    9c3e9896bac180ca851882cdcd2711e5

  • SHA1

    9441b2e1b33dd9ef009a2ecaf0fc648cc92add96

  • SHA256

    b8d2df275f003d5179e86c1d0740ba5793f977ed476371e8582a9cb13066b382

  • SHA512

    d3e31a94cd3edd8fac3ed5b3bf3a4c73a6cb3609cd8932aa390e5370ba6e77adebf0c0ed7c000147f85ee44d892abeb2287b96294f4ed287440f65c00c413da2

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8a:fnyiQSoR

Score
9/10

Malware Config

Signatures

  • Renames multiple (532) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8d2df275f003d5179e86c1d0740ba5793f977ed476371e8582a9cb13066b382.exe
    "C:\Users\Admin\AppData\Local\Temp\b8d2df275f003d5179e86c1d0740ba5793f977ed476371e8582a9cb13066b382.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2244

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

    Filesize

    63KB

    MD5

    bf8e054c868e4ee5334540260a4ed683

    SHA1

    6e589238ef2b0b140e63f98b3eb28f4829463f97

    SHA256

    cbcf01f7485854c9b2e9155006aee1f90af625c5fd4ed3f92a104e1d3549c0a2

    SHA512

    9a0bcb30ecb0bde7dd2baa2604f049c8791c8554f4cecd2d24b5a9680b3374551ba59493610bb758b4b5863acba2b58591d495e0b1263d26d8644e85a8448a40

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    72KB

    MD5

    b078b69bf3da803e525d703e52943228

    SHA1

    27843e97a4067e401a42d918e14c6f7f5db5fcb9

    SHA256

    246140d19329d88f51139b3d1cbec6b962de8066babf071d05916b4a753f224d

    SHA512

    8fa830ddd70af09df4a38e73fce0f413e58a45f2f11d2149a6eaa16dfcc8cfc3426f4dc025560cbd16e89a0da5915b60cd951888343c3408f43df58ce6bc58a5

  • memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2244-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB