Overview

overview

9

Static

static

7

a191ea8075...0N.exe

windows7-x64

9

a191ea8075...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21-07-2024 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a191ea807515079c5aa9426c80578080N.exe

  • Size

    22KB

  • MD5

    a191ea807515079c5aa9426c80578080

  • SHA1

    d9e5a5bc8334c7ee891f9c47d072d64de7dc5a98

  • SHA256

    5abbb051419b4ab1b987b004f34b834da065267699b7b3c69c2a15c83c37023b

  • SHA512

    b9240e239541c21a9625051292d3e2feff73550a2e04720bdbf8ba06f8621a8d821b524b7ae78e32e65a6588153c5068bd52dc68e700991f03cf35336917fa4e

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJblDZblDZaOpeOpWB3j3cbNQj3cbN3EFEA:kBT37CPKKdJJBZBZaOAOIB3jM2jMa

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (495) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a191ea807515079c5aa9426c80578080N.exe
    "C:\Users\Admin\AppData\Local\Temp\a191ea807515079c5aa9426c80578080N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    22KB

    MD5

    b009ab7661b8dde3b0052ec48fed2263

    SHA1

    3033ac81451fb43c2a4b7c0ae24d90b5488425e2

    SHA256

    c5451e13266806ff9cdb6450a2cba22dbbd7af3a15e53f9578fe12db4f41f1d1

    SHA512

    e7a585a93342641b57c7bd15ebf30bad53598bcb24a1bdfe695f1ce59d251d732199122f01284d59ad0f5e956d67dfadf5195e8648768ce3b87c51b81283b01e

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    31KB

    MD5

    6fcc89db0abd8f0a38b2eba9b6c11e9b

    SHA1

    4e74fef96781b344f1cf8cd4cdd4febeb31c357b

    SHA256

    e140854cf1c492dadfd60602b401b9b6ef1f7c667d843f789fa6eba5cdc24a73

    SHA512

    e31e17ed9c1ab946ac01741f1bae05b5fb3a73d9561bb599485b73f909feea74fe3336a6829378227f653b48bd712998351f922360c6e42950c0c53a1f15728a

    Download Submit

  • memory/1628-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1628-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download