Overview

overview

7

Static

static

3

Label_Copy_UPS.exe

windows7-x64

7

Label_Copy_UPS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 14:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Label_Copy_UPS.exe

  • Size

    74KB

  • MD5

    e9effb8cef2374eb9ad40a33e2429c8b

  • SHA1

    aee4bd64303dab698e0de0767e46a606973b63af

  • SHA256

    9f86b6455a11922922a9578cf3411cb6f257705b25a7771abcb13dc7b7bbbc30

  • SHA512

    50ad3a370571f49df47ea01ad279a8fd6eda19d6eda7ebe5d4e0fdc09d5b5c3d3e9bb17cdc94ee67dc378e18e77dc474f3300d7f7591f94034c498289ff84dc6

  • SSDEEP

    1536:sMVRiIivmfYjxb3Ve7Sc12sOWASU3BVg3ScDnI1QKEFXvxdqHsH:sMHiRefYjFs7Sc1yTSUxVoSkICX5ym

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Label_Copy_UPS.exe
    "C:\Users\Admin\AppData\Local\Temp\Label_Copy_UPS.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1028
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Label_Copy_UPS.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Label_Copy_UPS.txt
    Filesize

    5B

    MD5

    43fb2705d9766ea761f934981936503f

    SHA1

    c9589c81355baab345cd121a76dcd743d65e131c

    SHA256

    766a90366e6cac315d05afc9c97dcd6206a7f66da260dd41d209bb6ad13947e0

    SHA512

    ebf82587e4a8dad580b0c6c6959c73315c584cea82c41c073aab41854a44027fbc63d3f360651e726bfe71bc9e99a1b803574715e63d462f90182291ce3dfbf4

    Download Submit

  • memory/1028-2-0x0000000000060000-0x000000000006E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1028-4-0x0000000000060000-0x000000000006E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1036-1-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1036-0-0x00000000023B0000-0x00000000023D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1036-6-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download