Analysis

  • max time kernel
    60s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 03:49

General

  • Target

    e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe

  • Size

    82KB

  • MD5

    cc293a239c3fc93446e85b79b977cdc9

  • SHA1

    687f79c0c36c4042c245620db42cd0681df2b4dd

  • SHA256

    e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43

  • SHA512

    c7150439b2fef3a1a219ba445081a1368fe222f8525d60fb2eb715f9235ba874289c895f1f982a0c5b3c29dbf11f10af40a7d952a294dabac41c8848a9cef854

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxSLkby:fnyiQSo5Lf

Score
9/10

Malware Config

Signatures

  • Renames multiple (195) files with added filename extension

    Mass renaming that keeps the original file name and appends a new extension is the typical footprint of ransomware encrypting files in place; 195 such renames were recorded in this run.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
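The two UPX signatures above rest on cheap static checks: section names the stock packer leaves behind (UPX0/UPX1 and the "UPX!" marker) and section bodies with near-maximal entropy, which survive even when a modified UPX build renames its sections. The following Python is an added example written for this page, not the sandbox's own detector: it walks the PE section table with only the standard library and builds a constructed skeleton PE to test against. The 7.0 bits/byte threshold, the sample section layout and every function name are this example's assumptions.

```python
import math
import random
import struct

# Added example: a dependency-free PE section walk plus entropy check, the two
# cheapest signals behind a UPX / modified-UPX verdict. Written for this page;
# it is not the sandbox's detector. Offsets follow the PE/COFF specification.


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for padding, ~4-6 for code, close to 8.0 for packed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, raw_offset, raw_size) for every section header in the image."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]      # COFF SizeOfOptionalHeader
    first_hdr = coff + 20 + opt_size
    for i in range(num_sections):
        hdr = first_hdr + 40 * i                                  # 40-byte section headers
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        yield name, raw_ptr, raw_size


def upx_indicators(image: bytes, entropy_threshold: float = 7.0) -> dict:
    """Collect the evidence behind a 'UPX packed file' verdict.

    Stock UPX leaves UPX0/UPX1 section names and a 'UPX!' marker; a modified build
    may strip both, so the high-entropy section check is the signal that survives."""
    sections = list(pe_sections(image))
    names = [n for n, _, _ in sections]
    entropies = {n: round(shannon_entropy(image[off:off + size]), 2) for n, off, size in sections}
    high = [n for n, e in entropies.items() if e >= entropy_threshold]
    upx_named = [n for n in names if n.upper().startswith("UPX")]
    marker = b"UPX!" in image
    return {
        "section_names": names,
        "section_entropy": entropies,
        "upx_named_sections": upx_named,
        "high_entropy_sections": high,
        "upx_marker": marker,
        "likely_packed": bool(high),
        "likely_upx": bool(high) and (bool(upx_named) or marker),
    }


def build_sample_pe(packed: bool) -> bytes:
    """Constructed skeleton PE for the demo (not the report's sample): a UPX-style layout
    with a high-entropy UPX1 body, or a plain .text/.data layout of low-entropy bytes."""
    rng = random.Random(1)  # seeded so the 'packed' body is deterministic
    if packed:
        sections = [("UPX0", b""),
                    ("UPX1", bytes(rng.randrange(256) for _ in range(4096))),
                    (".rsrc", b"\0" * 64)]
    else:
        sections = [(".text", b"\x90" * 2048 + b"\xc3" * 64), (".data", b"\0" * 512)]
    opt_header = b"\x0b\x01" + b"\0" * 222                    # PE32 magic, zero-padded to 224 bytes
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt_header), 0x102)
    raw_ptr = len(dos) + 4 + len(coff) + len(opt_header) + 40 * len(sections)
    hdrs, body = b"", b""
    for idx, (name, data) in enumerate(sections):
        hdrs += name.encode().ljust(8, b"\0")
        hdrs += struct.pack("<IIII", len(data), 0x1000 * (idx + 1), len(data), raw_ptr if data else 0)
        hdrs += b"\0" * 16                                    # relocation/line-number fields unused here
        raw_ptr += len(data)
        body += data
    image = dos + b"PE\0\0" + coff + opt_header + hdrs + body
    if packed:
        image += b"UPX!"                                      # the packer's own marker string
    return image
```

Entropy alone flags any packer or an embedded encrypted payload; the section names and marker are what narrow the call to UPX, and a modified build that strips both still surfaces as `likely_packed`. The "UPX dump on OEP" signature is the dynamic counterpart: the sandbox lets the stub run to the original entry point and dumps the unpacked image, which is what the `memory/2228-…` entries under Downloads are.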

Processes

  • C:\Users\Admin\AppData\Local\Temp\e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
    "C:\Users\Admin\AppData\Local\Temp\e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe"
    • Drops file in Program Files directory
    PID:2228
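The process above is the one the "Renames multiple (195) files with added filename extension" signature fires on. As an added example (not the sandbox's rule), here is the detection logic such a signature needs, run over constructed file-system events: the PID 2228 and the MSOCache path echo the report, while the ".enc" extension, the file names, the other PIDs and the threshold of 20 are placeholders chosen for the demo. The rule counts only renames that keep the original name intact and add one extra extension, so edited names, swapped extensions and an application committing a temp file do not inflate the count.

```python
import ntpath
from collections import defaultdict

# Added example: the logic behind a "renames multiple files with added filename
# extension" detection, run over constructed file-system events. Written for this
# page; it is not the sandbox's own signature code. ntpath is used so the Windows
# paths parse correctly on any host.


def is_appended_extension(src: str, dst: str) -> bool:
    """True when dst is exactly src plus one extra '.ext', in the same directory.

    report.docx -> report.docx.enc counts; draft.docx -> draft_v2.docx (edited name),
    notes.txt -> notes.bak (swapped extension) and ~WRD0001.tmp -> report.docx
    (an application committing a temp file) do not."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if ntpath.normcase(src_dir) != ntpath.normcase(dst_dir):
        return False
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return False
    tail = dst_name[len(src_name) + 1:]
    return bool(tail) and "." not in tail


def mass_rename_hits(events, threshold: int = 20) -> dict:
    """Group qualifying renames per PID and report those at or above the threshold.

    Returns {pid: {"count", "extensions", "directories"}}. One appended extension
    spread across many directories is the ransomware shape; many different
    extensions from one process usually means a build or backup tool."""
    per_pid = defaultdict(lambda: {"count": 0, "extensions": set(), "dirs": set()})
    for ev in events:
        if ev["op"] != "rename" or not is_appended_extension(ev["src"], ev["dst"]):
            continue
        rec = per_pid[ev["pid"]]
        rec["count"] += 1
        rec["extensions"].add(ev["dst"].rsplit(".", 1)[1].lower())
        rec["dirs"].add(ntpath.normcase(ntpath.dirname(ev["src"])))
    return {
        pid: {"count": r["count"], "extensions": sorted(r["extensions"]), "directories": len(r["dirs"])}
        for pid, r in per_pid.items() if r["count"] >= threshold
    }


# Constructed events for the demo (not taken from the report). PID 2228 mirrors the
# process tree above; '.enc' is a placeholder, the report does not name the extension.
SAMPLE_EVENTS = [
    {"pid": 1200, "op": "rename", "src": r"C:\Users\Admin\Documents\draft.docx",
     "dst": r"C:\Users\Admin\Documents\draft_v2.docx"},
    {"pid": 1200, "op": "rename", "src": r"C:\Users\Admin\Documents\notes.txt",
     "dst": r"C:\Users\Admin\Documents\notes.bak"},
    {"pid": 3100, "op": "rename", "src": r"C:\Users\Admin\Documents\~WRD0001.tmp",
     "dst": r"C:\Users\Admin\Documents\report.docx"},
]
for _dir in (r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures", r"C:\MSOCache\All Users"):
    for _i in range(9):
        _src = rf"{_dir}\file{_i}.dat"
        SAMPLE_EVENTS.append({"pid": 2228, "op": "rename", "src": _src, "dst": _src + ".enc"})


if __name__ == "__main__":
    for pid, hit in mass_rename_hits(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {hit['count']} files renamed with +.{'/.'.join(hit['extensions'])} "
              f"across {hit['directories']} directories")
```

In a live pipeline the events would come from the sandbox's file-system hooks or from an EDR rename telemetry stream; the per-PID grouping is what ties the signature to the process entry above, and the directory count is the cheapest way to separate a crawl of the whole disk from a tool working in one folder.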

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
    Filesize

    83KB

    MD5

    7e11b2dd01a932585d95e1aea25f05af

    SHA1

    e4a1ba7f042424eeccaa226372799db7f13e97c9

    SHA256

    66b475674bd3d24595b91a3fe62b0904295f62aac2b3e9c0942b17f853c4994a

    SHA512

    1919d0fb2ee308946cefdd0467d899b883d5777b59f6de134195d88b55ba5600973b2967200ea311524733d305e6988161630995671d015d4d77ceb8a56e58b0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    92KB

    MD5

    d51ea12fc154207878ce691550b3e6d5

    SHA1

    639f911e21577520d8d2cb2c44b76d615c34448a

    SHA256

    b73e5d3e9da985e02ffe16636eb7eb48f498dbf6fb4b610bf6c04c4e94a8efae

    SHA512

    b33eff027b4fd85dd713ee2fdee9e8d6cdcc6b22e6777eb765aa41dfb86f5b03ee748fb9ed0e5860f2e7e6494c8e602442c5edf8838a79abe22783083080b3dd

  • memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2228-58-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB