Overview

overview

9

Static

static

7

2480c9e4eb...50.exe

windows7-x64

9

2480c9e4eb...50.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    108s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 00:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2480c9e4eb0ac172b0f8680a9ae78450.exe

  • Size

    94KB

  • MD5

    2480c9e4eb0ac172b0f8680a9ae78450

  • SHA1

    c50d920732704d74bc13b7592445e87d80914570

  • SHA256

    55e6fc0dcc71903b5eb169c4b52373d7e45d0d51e58e087245839ad7cb03088e

  • SHA512

    ca0beb75574d3c85d7e5f601ce60ab23242283cc9ed6614d91598781f4c35cf6eb2335a7f2a99c6423a5d0ec55bb4dbe6600ea212199ba480f97f01afae44671

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZuEd4HZKMSs9w7WsLhEC7pp:KQSo7Z54HZKMx4dhECVp

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (228) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2480c9e4eb0ac172b0f8680a9ae78450.exe
    "C:\Users\Admin\AppData\Local\Temp\2480c9e4eb0ac172b0f8680a9ae78450.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2816

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
          Filesize

          94KB

          MD5

          86818456d796f3062b8e42dfbcdd050b

          SHA1

          ac36c4cea433cdecf7e4d592fc8ed1ea764ce9c7

          SHA256

          c840d25d27f858b4d81fab058f99f62b5e9d654651b55c8be831c7a0785ea958

          SHA512

          e0bceab00d5a976cbeac5b26667c62b29e0ff21b36e83d4458d18035293944c4e4bbb0d810596ab61a24195a188468b537180ae1627ed5becc7a0159aa35f09d

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          103KB

          MD5

          c1f86b0a38fca39502353facbf84c7c1

          SHA1

          9f00110d61f568f4f1d497b88c5764909886ef04

          SHA256

          f1cc83be0e8a712939f90b9695e220cd4d8e031fa26cf5380dddad884519d919

          SHA512

          f389956cb79a4b1c536d33e53dcd2ae5689fd84b713732d31cf53e46bcaa2ce4e0ab6c810a96a6957333b741975fb2ca312856afd5305099dfe7c4cb26c3a62a

          Download Submit

        • memory/2816-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2816-20-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download