Overview

overview

9

Static

static

7

0135c75a49...0N.exe

windows7-x64

9

0135c75a49...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 19:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0135c75a49d7ed658d4b47935fc23b70N.exe

  • Size

    70KB

  • MD5

    0135c75a49d7ed658d4b47935fc23b70

  • SHA1

    23e89959db075c6fcfa0e717849733bb7ace0ab9

  • SHA256

    a194e27e1182e83ea3cbcbdaec703a0f8b689d4f1ba87fc5ed0ec3e8e4870780

  • SHA512

    5dcb5f01612b41a0b20811868224c844e72c40db137e883d1fafcdd22627a36f3fe24cf435759754b1655f7c02249f95374aaa045a4637050da17965684c4cac

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZqpBpd:fnyiQSo7ZE

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (966) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0135c75a49d7ed658d4b47935fc23b70N.exe
    "C:\Users\Admin\AppData\Local\Temp\0135c75a49d7ed658d4b47935fc23b70N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2292

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
          Filesize

          70KB

          MD5

          3b46dbb1e3c6d6b5c38ae2c32cd706f7

          SHA1

          1c5d7e09c3d4bc39d6414fbecd71c28377d194ba

          SHA256

          89e6b3c29d31eb7f7d2e785b6bd988e2e222a6065c9b483b09c9e16f9ce9cc70

          SHA512

          3392e9716deba22f7edecd4385f23213ce3362e4d3eba7c6d7f5d83255b8d285707c2def9a76e36ef3f82d31b395b9bc3542f1322dc5ade01a6f9c1ce2077c6e

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          79KB

          MD5

          6753a347da8f51c6a5c461e3634c43c5

          SHA1

          02e0cd972f2f0d6b02696f417ca45ec0b65ae2ce

          SHA256

          5c4db8179a8e5bcac02a82b5e84691c85dfb8f14f1199691c1805d0aea28fc4e

          SHA512

          c2b49eaacdea2e246b6395300bc4aa64279e75973adbc27a2ed087b25d1ddc184a2d4f0533be643dff73d79f39c53f45b7554e05c1007d4a4f223a580e108349

          Download Submit

        • memory/2292-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2292-68-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download