General

  • Target

    5296eb9d131b1d612000091dbbcdd560N.exe

  • Size

    110KB

  • Sample

    240721-c8wx2stara

  • MD5

    5296eb9d131b1d612000091dbbcdd560

  • SHA1

    feafebc66399885b6706f9f02b8a68cd3fe5b0c9

  • SHA256

    d50aec4ba3e6bea7bbd9406a104b5a3dcce571899f9050877bbaeb9995e83a2a

  • SHA512

    3a9409850b681b159e19ab923dd1d55a0744b98798103d5fcf45d67f0c2cc9c781c8f83689391935852d7c146a0e679f65ab1bfcdcee754a2ec4f49f1fee5ae0

  • SSDEEP

    1536:V7Zf/FAxTWoJJ2WjWpf1f3hW7Zf/FAxTWoJJ2WjWpf1f3hWAT:fny18f1f8ny18f1fkAT

Score
9/10

Targets

    • Target

      5296eb9d131b1d612000091dbbcdd560N.exe

    • Renames multiple (5070) files with added filename extension

      This suggests ransomware activity: encryption of all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
