Overview

overview

9

Static

static

7

05342cf376...70.exe

windows7-x64

9

05342cf376...70.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2024, 20:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    05342cf376aa4ead0bb30fd74e176270.exe

  • Size

    53KB

  • MD5

    05342cf376aa4ead0bb30fd74e176270

  • SHA1

    d687796a3a3f65f9db389fa976473dcb24fdc871

  • SHA256

    607df6ae6cc50bed59186d251a29ced51c53c00aa61ab9b891317cc3fd7a57b8

  • SHA512

    74444505e97e09af2b64bec4da7bee00459e69ed271b95a98cc557448daa4f9e099039f4966467c6eac4a4d0a3662f175cefd5ec7121700de1f92b0e3047fc86

  • SSDEEP

    768:a7BlpyqaFAK65euBT37CPKKDm7EJJBZBZaOAOIBRBT37CPKKdJJBZBZaOAOIB7:a7ZyqaFAxTWbJJB7LDKTW7JJB7LD2

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3719) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05342cf376aa4ead0bb30fd74e176270.exe
    "C:\Users\Admin\AppData\Local\Temp\05342cf376aa4ead0bb30fd74e176270.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2844

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp
          Filesize

          53KB

          MD5

          ecf015726c33b2f20dbfa073bb81e912

          SHA1

          68846e5df87d3db3525bb56bf1a3215381c861b2

          SHA256

          6d0b8fbb3f00478fd300d19dbc2ac5eb3cb09ece69b733d1c7a74f6738badef1

          SHA512

          320e064d4f5b9e0fd87b6b891ca3c44eaf933a8f4aaf9717b6246b5b4b0706e9d69a5d2a1470040b2ba287c5edcba33f333bd2ee2492aaf69071f0aeca29f87e

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          62KB

          MD5

          524b89a173bd5d41cbc6fd72363c9e47

          SHA1

          fcf08a514af937c1a924bec6b97db978a157adc8

          SHA256

          32cc66be5cfcb775c2d5329385d1e3f45f7cbdcb8f672887c6c5e47338fed593

          SHA512

          3490bc7fdbfd933f38b493134e9f597808904db3e4041f04f5c7bf5b5c50ee813e7069ed124a42c5303f32d658a778e31ee01739d065b2ec7d84e4a37ed224da

          Download Submit

        • memory/2844-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2844-650-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download