Overview

overview

10

Static

static

10

7da129d869...ef.exe

windows7-x64

9

7da129d869...ef.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 23:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7da129d869cb3f85d6be613522e4bdbd0da22e7e99b1b86b3f713a2020c718ef.exe

  • Size

    69KB

  • MD5

    2745ec18140731a2c3ded824a8b9ec19

  • SHA1

    93311268119672fb20aaae9c3b89eeea62ccbba6

  • SHA256

    7da129d869cb3f85d6be613522e4bdbd0da22e7e99b1b86b3f713a2020c718ef

  • SHA512

    79fa1174c4b9bdb1779dfa1542ce873b181eccb1e1b94b65a077eabb16a327924a238e97b3442dae40997b57ab7e253ea47a37c4af8c6b86f25fed6e7f972d4f

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxb:fnyiQSoa

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3730) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7da129d869cb3f85d6be613522e4bdbd0da22e7e99b1b86b3f713a2020c718ef.exe
    "C:\Users\Admin\AppData\Local\Temp\7da129d869cb3f85d6be613522e4bdbd0da22e7e99b1b86b3f713a2020c718ef.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2716

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
          Filesize

          69KB

          MD5

          317966d305e336dac2b8492eee2c27a9

          SHA1

          975b48c20db282bf5a1b585e00bdf0f8bb25e407

          SHA256

          dbd1590def93a8ab1aeb2dc858d7dec8ca109b2ae520e3016cb34ac260e5f7da

          SHA512

          425503617fdde7cb664d49d297dcf560e6859656a848e267012990af9bd17e013d4a039c173b2edb991e2c3defa3f4db0168db17e570ff8bab524e571ecc2403

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          78KB

          MD5

          740146f5d41b119bfaaf6d380295965c

          SHA1

          855978c3b859b6e18823927c7d57b4f195e8979c

          SHA256

          2bba0e5ccaef237212f584760db1221c458e1b55f65912e47317863412b31800

          SHA512

          d251d212714f3c4f0151d7e307a1829f563bdac11c8ad9e908754e469d6ebc9832efeb9ab7bfaef980dc9b0179584042585fded5461a4f45af762ebee81c8645

          Download Submit

        • memory/2716-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2716-656-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download