Overview

overview

9

Static

static

7

e0d6ff939b...0N.exe

windows7-x64

9

e0d6ff939b...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 15:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e0d6ff939b1e113437594b5acd8ec2c0N.exe

  • Size

    51KB

  • MD5

    e0d6ff939b1e113437594b5acd8ec2c0

  • SHA1

    6c30f418df42a409769726e2f3194688d2cb3aab

  • SHA256

    c791e528cbce294f35e61ee90865d9a613449ee0f73c2011999bd9f58126952d

  • SHA512

    94749552ae015dea991ab823deab19ac4bd6cc836fbfef17e8ecbdc09a31bec75ba7a9ed088f0926f930fb6ad0370d87bb50b7b40ba68677edcad031332a1d18

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzT:CTWn1++PJHJXA/OsIZfzc3/Q8zxJ

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4652) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0d6ff939b1e113437594b5acd8ec2c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e0d6ff939b1e113437594b5acd8ec2c0N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4864

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp
          Filesize

          51KB

          MD5

          b43a3b0eb559dfe49e085fb358362776

          SHA1

          34f525e9fe11a7f6c8ba9fca98bc3a97bd519891

          SHA256

          c67fe9274f6e9594cc09357c5f12e2e88adfb3e030df4bd9c42ea637e8923e20

          SHA512

          a49397e0955c8d0c6c979c4bec16b8f8576a87ef5a0b4dbf77e96cb675172aa4f41d82061b7188902bab34404cca5b2d9615b14d1a580204fa28cc2190e22e83

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          150KB

          MD5

          24adbc1d368243bb5fcaa9f941754b42

          SHA1

          f5f9380cf7ab9653aebd294fd0289efac67927ff

          SHA256

          3e36940065ae0d827bb055dc56bef3f70d1ecf079a842303aec6546c91b6028e

          SHA512

          8991699e9a8d0f2012a5c8d0f43983eb574b89d85612d3c71cb3d2211b8be5c66b05abb507f850dc3106fb429d692fa0bc6ea54dea9c078e466b428d57507d50

          Download Submit

        • memory/4864-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4864-1218-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download