Overview

overview

9

Static

static

7

61cb5b5bfc...0N.exe

windows7-x64

9

61cb5b5bfc...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 04:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    61cb5b5bfc50f8337f592d8fcb349e70N.exe

  • Size

    569KB

  • MD5

    61cb5b5bfc50f8337f592d8fcb349e70

  • SHA1

    2c3bb3bed219fb0f72d1a0ca87662e1094bb2f44

  • SHA256

    3b35642f1dbb7fe52b3ba139414958fb2e2a3602d422df07350279daa26d35af

  • SHA512

    5b555ab7a2b6bbb6366d27dfc28c46f233fd9c915b3d6e82498f6fee9d74d13336090ab54b637845eb87f8ed0196bffe65235bba5a0ac9cec38c61f4534fbfc2

  • SSDEEP

    12288:sQtsoDGA4qCCPrdUJRBl9S9iBpQYr7OOtpMmS7wZy0:sILD4qCCPrdeh9S9sQYr7OOgUl

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (2435) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61cb5b5bfc50f8337f592d8fcb349e70N.exe
    "C:\Users\Admin\AppData\Local\Temp\61cb5b5bfc50f8337f592d8fcb349e70N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3820

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp
          Filesize

          569KB

          MD5

          be96f338696124e08551b060f167dc1a

          SHA1

          887290eb40a0515ae844cae238c0100849472158

          SHA256

          0955a24c3beca098ca145850aed4d472b261a02ea21dd471dce1d480ee660fb4

          SHA512

          b13516bc60eba9a3762887ca8b57db13ec47111d26a31312bf8cc0ad9e2b3c622da21e1892162a35230bdac6b5768d271061b1c0df9f4214a5c9330c295f792b

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          668KB

          MD5

          e930ae7a9410ba934e4b6d356cedba5c

          SHA1

          050d47b9560d8b1224880937107da41e2648b9be

          SHA256

          d484eade6008f219d6a135dbb0a77727a3598acb81a3fd079bd68b06ca5a2b39

          SHA512

          4b34e0ec49347144b8aedb425b9b0d624ccc4be0103a13acd9c35b8f2e60167cd643de730462de4276139ecbb9b6c00b2cdbe6f4de2345b0dac54c1b27414612

          Download Submit

        • memory/3820-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/3820-1252-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download