Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/05/2024, 22:13

General

  • Target

    5a5fabfd5337e93ae106537e5ed7093e0d0d03d3623c7002d2b62bf03776c866.exe

  • Size

    134KB

  • MD5

    17530ad7ad771f87f7b0efcd6c04bc58

  • SHA1

    bea0272341ef7516cc4fe5d08019d5f73ed4ab38

  • SHA256

    5a5fabfd5337e93ae106537e5ed7093e0d0d03d3623c7002d2b62bf03776c866

  • SHA512

    50b28f6e4db7521120dad5abcaf8e66975950cdb40f1203895ff88487914c475396ace9fd6425c32ca649f8a411d7faea3ffe416026fac45cd1952b1b114b2b0

  • SSDEEP

    1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCo:fnymCAIuZAIuYSMjoqtMHfhfagp

Score
9/10

Malware Config

Signatures

  • Renames multiple (4837) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a5fabfd5337e93ae106537e5ed7093e0d0d03d3623c7002d2b62bf03776c866.exe
    "C:\Users\Admin\AppData\Local\Temp\5a5fabfd5337e93ae106537e5ed7093e0d0d03d3623c7002d2b62bf03776c866.exe"
    • Drops file in Program Files directory
    PID:528

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

    Filesize
    134KB

    MD5
    2da03967180e1b8d9e10ce9f60f53014

    SHA1
    75c889c1f6fadc880139cac7da41d0286f2a9ebc

    SHA256
    7da03579c29702982f706e2f31ae9e8145c6b0061dcd94419c4f9de8bf694a5b

    SHA512
    9808bda3bca661b64e7f2872bb6d94027fd7d0888cb75765e22eb7b9139e15a1bc103f62f6027b76e76e81085e2bbfe79613572953e4c596866b4befc6da391b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    233KB

    MD5
    36f68a130a39e6c7bb4b94f45128717f

    SHA1
    9337818b31ae665358e23fd693df60791183785a

    SHA256
    0acaa953618b339687c963cd6ed61eddebe7273872fa19db68a67e53706f999f

    SHA512
    a3931c37b7c50c3097beecfb94ca98b2b06ab99c6e9baf999aa122b3a555d104c6ccaf5bb6fe63442f318b1f08698dfd1f2216eb851e70b07d17ba26ca19fa03

  • memory/528-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/528-1740-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB