General

  • Target

    16e2e13ffa597a1f84055a54df581100N.exe

  • Size

    97KB

  • Sample

    240806-12nj4ascnj

  • MD5

    16e2e13ffa597a1f84055a54df581100

  • SHA1

    5df6161952a02455413878ef0925cec0ee08a863

  • SHA256

    086eb018b478568968ed4aa7ce434f0d219e5d7408ff31c0a9b3b71fa8276d04

  • SHA512

    5087920a3f0e05fe366bf908d69e7dcedb5d2d91a14390a1c15d2311adb74965344adaaa4e3d0ddec60948c75883718dcf2348abd74c600e3dc66623c679b040

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTBZ7Zf/FAxTWoJJZENTBqNANL:fny1tE7ny1tEF

Targets

    • Renames multiple (4325) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
