Overview

overview

9

Static

static

7

2d8e5084bc...08.exe

windows7-x64

9

2d8e5084bc...08.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d8e5084bc8dbad3824839800a07531e3245a349ec4d38cac75b84a73ed64208.exe

  • Size

    45KB

  • MD5

    e868c50e8d1bbd317d29bd859ae3d555

  • SHA1

    b91f5fea71f0155c6189b4a15213d5590b0a10be

  • SHA256

    2d8e5084bc8dbad3824839800a07531e3245a349ec4d38cac75b84a73ed64208

  • SHA512

    796b1ac668f3215f9aba27a12e66f2f9360938f5471ce892947cb954f06e89a9985e67e291c6b3e54165288002249d7d5481116d994181adacf94f6df694534c

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFnh:CTWn1++PJHJXA/OsIZfzc3/Q8+8

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3436) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d8e5084bc8dbad3824839800a07531e3245a349ec4d38cac75b84a73ed64208.exe
    "C:\Users\Admin\AppData\Local\Temp\2d8e5084bc8dbad3824839800a07531e3245a349ec4d38cac75b84a73ed64208.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp
    Filesize

    45KB

    MD5

    c9d10d5ac857bff777e9de55cebe0652

    SHA1

    3fdf68fd25965221def0679ef3338da105a786c9

    SHA256

    3d042f04f152277e11104acb4db254739b3e1ce2ad8b23b75bf4b887490a8718

    SHA512

    e64aa466d1fcda214d0690ff9ded42f4bb8bc581146af055abf69d6d589521e2f36419e17635868a65368d9e6cd7ce48873713b468714b9d1513b407fca2fe2c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    54KB

    MD5

    63a736b61f3c6e85d8e4cb1b71a85c71

    SHA1

    13534b622cc71ca7fb326edfbfd5625f7bfabcf4

    SHA256

    1282a4b4c94b872ee396d23489a4b523f8061c481c129d6f2bc33cde40bc585f

    SHA512

    0cc062447ca379e660256d01574688317fb9a565d0c93cf2d96ee34c8e4e45b82b10329bd2b4595ea80b8e024d8e3dadc3fb8335ca7d1aa28c8a5829216a61a8

    Download Submit

  • memory/2244-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2244-74-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download