Overview

overview

10

Static

static

10

1ee3509062...43.exe

windows7-x64

9

1ee3509062...43.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ee35090627919988d4d2994ba85547650f6d96c0484df60e246dcafb67abc43.exe

  • Size

    54KB

  • MD5

    520ad000928ff20c7b0d1000827b7304

  • SHA1

    045b3784c0517b32b11df0e2317d3fe5213b7188

  • SHA256

    1ee35090627919988d4d2994ba85547650f6d96c0484df60e246dcafb67abc43

  • SHA512

    e76fa93e6eace5e85d5cd4d932a7cc0571bdb78693f388fafad44f58f0312161874af626b7f08b67061896981cbce22aeb3aae646675367ceddd831001d581f9

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzl:CTWn1++PJHJXA/OsIZfzc3/Q8zxL

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5190) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ee35090627919988d4d2994ba85547650f6d96c0484df60e246dcafb67abc43.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee35090627919988d4d2994ba85547650f6d96c0484df60e246dcafb67abc43.exe"
    1⤵
    • Drops file in Program Files directory
    PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
    Filesize

    55KB

    MD5

    479a3d2e882e6c3b5684cd7a92636626

    SHA1

    2d0833b623d6a9c83f0679a8f24f7e80427a2c4f

    SHA256

    2f24bc96e638a4cd9e70929ef5e49c7fdffa316da28ced1d7ccbb3bab5f5431e

    SHA512

    c0e63c5120be676834a03c04af625a2782e819251877919801b55acfa628c97a9aac066ec24931a61e0e47de6d2d14cf0753e65852ea13030b80c54263c3a633

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    153KB

    MD5

    c4079833526ca05086a055f5d695b8ac

    SHA1

    116c510a2d3f3ca75e6e6c66addc0f156286db38

    SHA256

    0024eec9cddcb3171079b28b5239544b74aea63250010b3d79b859323c161a64

    SHA512

    32fec3f68cff9f5aeb5b78fc59db2658971e6e233a13119530fa7e51ef4be4cbad90974adb7af70d2d9e7c3ce86f83ee81b09f0967c84cc4a8d75d370271756e

    Download Submit

  • memory/964-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/964-1110-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download