Overview

overview

10

Static

static

10

87d769e43b...28.exe

windows7-x64

9

87d769e43b...28.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    28s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2024, 23:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87d769e43b0866b8ca29cf31427047e98f6b4c0b247ca3d156a0b0ab0c0d2f28.exe

  • Size

    65KB

  • MD5

    f042a5d4cc6905d81648cd33baf8fe7c

  • SHA1

    a92d2e72f9a40171a48916612e25417c3af2cdb0

  • SHA256

    87d769e43b0866b8ca29cf31427047e98f6b4c0b247ca3d156a0b0ab0c0d2f28

  • SHA512

    b688ce38cf8df41b62610990fbba87fa659c50b3b5fe3f78560f79cefae0f883d3a2a8c7e80a12551f4fcc2da67c662cfae5868acf0fe6d5bc6cff97b480b901

  • SSDEEP

    768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFZhfX58j:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5t

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (209) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87d769e43b0866b8ca29cf31427047e98f6b4c0b247ca3d156a0b0ab0c0d2f28.exe
    "C:\Users\Admin\AppData\Local\Temp\87d769e43b0866b8ca29cf31427047e98f6b4c0b247ca3d156a0b0ab0c0d2f28.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4048
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2716

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
      Filesize

      66KB

      MD5

      1644d22388ecb2f12961c0150c299dca

      SHA1

      8c996357d18e01404391212ce23b2dc0ca0c1000

      SHA256

      3b9e48008a9defc2b47acae7ceb5b3aa5ed445307668cd6b4b54be90783bdc6f

      SHA512

      3e97dd5da8de06160e325f1d0c023edd511d07351d2765bd6d0a74839c9c65d2674ac129c5eb975178f61569be8f7de3dd498932cfd85951a5237b7b413ad420

      Download Submit

    • C:\libsmartscreen.dll.tmp
      Filesize

      65KB

      MD5

      5accaeac01afb7553ae767293f4c1ece

      SHA1

      6b881813f63382504760a210b191f956fe4c96e0

      SHA256

      0b6d96ef352ce49494e8f632639801ef4ce110321ae6b2f05f8588839c04eb2e

      SHA512

      da85d17bfcc6ae2961f7e4cf367d347ed655037cb203e2318b494aa25a4883acf589c05ab6b02bbca9e8f3871b660ef78ca2a6d4389e3b85cbc15de076b0e9eb

      Download Submit

    • memory/4048-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/4048-400-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download