Overview

overview

9

Static

static

7

6589ba51eb...0N.exe

windows7-x64

9

6589ba51eb...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 04:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6589ba51eba11dc292584ca6ab85bfa0N.exe

  • Size

    71KB

  • MD5

    6589ba51eba11dc292584ca6ab85bfa0

  • SHA1

    c95dfe77b73bff6424c3453c8b608f18df5a0297

  • SHA256

    cf71da7cff582efc534f3bb50af259bb8d84c9475977cb821419853cfb7f8a97

  • SHA512

    17658583265f6b68ed0f004adac2968c05bf186c423512ab2979edb1417fe1ae63c1559dd0b5cc419b50e2c9d8aaef667dea603c163f7fa05be720f1b790582a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8wY0kvRkvk:fnyiQSodY0kvRkvk

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3109) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6589ba51eba11dc292584ca6ab85bfa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\6589ba51eba11dc292584ca6ab85bfa0N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2552

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
          Filesize

          71KB

          MD5

          cbe82cdc20c4a46d2e8d328d50d5aea9

          SHA1

          b01bfe143fe60e5dee4963aaff1d801f555dfc66

          SHA256

          037bb120695b2cae37b9e1417ba794295a8a6e8f78e19ed4d4a0e7ce601def5c

          SHA512

          b52887a9a8f78812d129b6f8874db1d8fb2e92c274181a349886d79a3fc3401bfa2ff6412610472960a21f781e40b9ba74c35c7756bce12cfd69781df410b2cf

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          80KB

          MD5

          75516958c43c7eec6067d143b763a60c

          SHA1

          6b43fd24410330b814e2619e9db9802e9eb0568f

          SHA256

          1ad35013eacc373c454d3370da1f2d6222d422b71c112d45c25eff37c42b461a

          SHA512

          632d32eb140388d1c31597ad50fea676829c7afff614e818cee76a69a7e4116344d41261568bbb5a6f6f2ab17222aff5ea2291800afe7fb1e64353039af75e92

          Download Submit

        • memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2552-650-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download