Overview

overview

10

Static

static

10

82089b512a...a4.exe

windows7-x64

9

82089b512a...a4.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 23:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    82089b512aa588634a6ba6e457f1c859377ce5092f4988a14b94f0262f6a9ba4.exe

  • Size

    60KB

  • MD5

    90b7bc8545e8c4535e951d111f9d37ca

  • SHA1

    01b6ee6a955937aa052b820fa9c2d0548e52f1b3

  • SHA256

    82089b512aa588634a6ba6e457f1c859377ce5092f4988a14b94f0262f6a9ba4

  • SHA512

    622e355d3bf4255644e15ba0c0b1a96bd6f21bc6c09ac4ee5313f9a831c447fc263885c217d155f4790fecb22fd8e25a12a780fa517c9893ef0bc502fde257ee

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZZ7n97ne:KQSo7ZFZe

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5211) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82089b512aa588634a6ba6e457f1c859377ce5092f4988a14b94f0262f6a9ba4.exe
    "C:\Users\Admin\AppData\Local\Temp\82089b512aa588634a6ba6e457f1c859377ce5092f4988a14b94f0262f6a9ba4.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3464

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
          Filesize

          60KB

          MD5

          15e327aa05af9e22c95d30c7f19a380d

          SHA1

          d03eeacb8066a0d97076444b2e1114cc1db1837e

          SHA256

          ba3e78f0155e2957051d44372eefed25b15fce283b95080d359b8998d89b67c8

          SHA512

          f0c64201a4685b599d0e6db4939cd44b2b1c24948a5c1cda9b3b19d5e490274de965ed12bdcd46c31c2fbe8ee2d7236070f460890b53451cda5dfbea20d1aae5

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          159KB

          MD5

          bb4057a9d2af29e2fe06fdd0112310fe

          SHA1

          1326aecedfdb36ff16c19baf8c26ed9d354b85fd

          SHA256

          734cec989a3a52e0531ac765a992c9f1f1b32f12fcc43da1e3863f78432707ab

          SHA512

          2c5f7833161c2a82294f9a141055722fb2b0bddc3109077b6323fda5dc27b1917143aac5d8f0622e57d02442a2cd3e6fd0f564fa4385cae28d12d5594f0b1580

          Download Submit

        • memory/3464-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3464-1112-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download