Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 03:51

General

  • Target

    e3fd49650c582e0bb70435ac6552e393bdef644f8a992491c3d6736fa4379e2e.exe

  • Size

    105KB

  • MD5

    d9a7a7092710a7fc05bf16ab6ba66cd5

  • SHA1

    a483826af7b897fa0141f38056e23731e39e62d1

  • SHA256

    e3fd49650c582e0bb70435ac6552e393bdef644f8a992491c3d6736fa4379e2e

  • SHA512

    e7ceac37c616cef4d05c1a6e3ddf990a4aab892ebf89aae35d2db29a20a07c86409273fc2fffdee616afdac598096ba243f20078216e0f053be0c281ff766744

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxtjm8szV6VSWtV6Vp:fnyiQSoojmHzV6VSWtV6Vp

Score
9/10

Malware Config

Signatures

  • Renames multiple (2846) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an extra extension appended to the original name.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the UPX open-source packer.

  • Drops file in Program Files directory 64 IoCs
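
The first signature is a behavioural heuristic: many files renamed to their old name plus one new suffix, spread over several directories, by a single process. The following is an added example written for this page, not the sandbox's own rule; it implements that check over a small rename log. The log format, the paths and the PIDs are constructed, with one ransomware-like process and two benign renames (a single `.bak` backup and an extension that is replaced rather than appended).

```python
"""Mass "rename with appended extension" detector, the heuristic behind the
"Renames multiple files with added filename extension" signature above.
Added example; the log format below is an assumption, not sandbox output."""
import ntpath
import re
from collections import Counter, defaultdict

# Constructed rename events (not taken from the report).  PID 1320 behaves like
# the ransomware; 4044 is a backup tool renaming one file; 2200 replaces an
# extension instead of appending one and must not count.
SAMPLE_LOG = r"""
rename pid=1320 "C:\Users\Admin\Documents\report.docx" -> "C:\Users\Admin\Documents\report.docx.locked"
rename pid=1320 "C:\Users\Admin\Documents\budget.xlsx" -> "C:\Users\Admin\Documents\budget.xlsx.locked"
rename pid=1320 "C:\Users\Admin\Pictures\holiday.jpg" -> "C:\Users\Admin\Pictures\holiday.jpg.locked"
rename pid=1320 "C:\Users\Admin\Pictures\cat.png" -> "C:\Users\Admin\Pictures\cat.png.locked"
rename pid=1320 "C:\Users\Admin\Desktop\todo.txt" -> "C:\Users\Admin\Desktop\todo.txt.locked"
rename pid=1320 "C:\Users\Public\Music\track01.mp3" -> "C:\Users\Public\Music\track01.mp3.locked"
rename pid=1320 "C:\Program Files\App\readme.txt" -> "C:\Program Files\App\readme.txt.locked"
rename pid=1320 "C:\Program Files\App\config.ini" -> "C:\Program Files\App\config.ini.locked"
rename pid=4044 "C:\Users\Admin\Documents\notes.txt" -> "C:\Users\Admin\Documents\notes.txt.bak"
rename pid=2200 "C:\Users\Admin\Downloads\setup.tmp" -> "C:\Users\Admin\Downloads\setup.exe"
"""

EVENT_RE = re.compile(r'^rename pid=(\d+) "([^"]+)" -> "([^"]+)"$')


def parse_events(text):
    """Return (pid, old_path, new_path) for every well-formed rename line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3)))
    return events


def added_extension(old, new):
    """Return the suffix appended to `old` when `new` is `old` plus one extra
    ".ext"; None for a replaced extension, a move into a subdirectory, etc.
    Windows paths are case-insensitive, so the prefix check is case-folded."""
    o, n = old.lower(), new.lower()
    if not n.startswith(o) or len(n) == len(o):
        return None
    suffix = new[len(old):]
    if not suffix.startswith(".") or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def analyse(events, min_files=10, min_dirs=2):
    """Group appended-extension renames by PID and flag processes that touch
    many files across several directories; a lone .bak rename stays quiet."""
    per_pid = defaultdict(lambda: {"count": 0, "exts": Counter(), "dirs": set()})
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        stats = per_pid[pid]
        stats["count"] += 1
        stats["exts"][ext.lower()] += 1
        stats["dirs"].add(ntpath.dirname(old).lower())
    findings = []
    for pid, stats in per_pid.items():
        if stats["count"] >= min_files and len(stats["dirs"]) >= min_dirs:
            ext, _ = stats["exts"].most_common(1)[0]
            findings.append({"pid": pid, "count": stats["count"],
                             "extension": ext, "directories": len(stats["dirs"])})
    return sorted(findings, key=lambda f: -f["count"])


if __name__ == "__main__":
    # Threshold lowered to 5 for the ten-line sample; the report saw 2846.
    for f in analyse(parse_events(SAMPLE_LOG), min_files=5):
        print(f"pid {f['pid']}: {f['count']} files renamed with '{f['extension']}' "
              f"across {f['directories']} directories")
```

The directory-spread condition is what separates encryption from a backup or archiver job that appends a suffix to many files in one folder; tune `min_files` to the volume the sandbox sees in its run window rather than to the toy sample.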

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3fd49650c582e0bb70435ac6552e393bdef644f8a992491c3d6736fa4379e2e.exe
    "C:\Users\Admin\AppData\Local\Temp\e3fd49650c582e0bb70435ac6552e393bdef644f8a992491c3d6736fa4379e2e.exe"
    • Drops file in Program Files directory
    PID:1320

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize

    105KB

    MD5

    3566ec0b0a1adc1a1cb2f30a749df6a1

    SHA1

    302d04e5eea2f7edfb77c5c0670c5c4ad318cf8a

    SHA256

    5a2b4b66f65384282974e12920b8c344ca9e5131552a9596969a5fc796d603fb

    SHA512

    ce4e58811af9eef9b041a7578c4f5f6f63e56114aa888daafd80c45da324f4c450274e93d453ffc07b1ac2badef203912d490fd3045e2fc5cd9fe25a4b1c01b8

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    114KB

    MD5

    50a9c49001f696568a00f467bba5ce3c

    SHA1

    5d889e18bf800c639af4fb642c03e5ee3aedbf29

    SHA256

    97d8c6c1a87b8558eb12a7fde49ac2a42b1fcc1042bdb8558d39cdeb1c8e1792

    SHA512

    57f891f600202b2d8affe3b0023d8fe17304aa02aa00781c2641d41315028e45cc32b538a5ea2450b9a4a961d510d5b6e1162d78b980ba4b76b7565a96df48af

  • memory/1320-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/1320-162-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB
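
The "UPX packed file" and "UPX dump on OEP" signatures in this report are static section-table heuristics, and the two memory dumps above (0x400000 to 0x40B000, i.e. 0xB000 bytes = 44KB) are the in-memory image captured once the stub had unpacked itself. The added example below is written for this page and is not the sandbox's own rule: it parses a PE section table and applies two checks, the stock UPX0/UPX1 names and the UPX-style layout (an empty first section that receives the unpacked code, with the entry point in a later section). The PE images are constructed in memory; the section names, addresses and entry point are assumptions, and only the 0xB000 image size is taken from the dumps listed above.

```python
"""Static UPX check for PE files, the heuristic behind the "UPX packed file"
signature.  Added example; the images below are built in memory and do not
reproduce the real sample's layout."""
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}
SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(sections, entry_point):
    """Construct a minimal PE32 image from (name, vsize, va, rawsize) tuples.
    Only the header fields that inspect_pe() reads are populated."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)   # AddressOfEntryPoint
    table = b"".join(
        struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"),
                    vsize, va, raw, 0x400, 0, 0, 0, 0, 0xE0000020)
        for name, vsize, va, raw in sections)
    return dos + coff + bytes(opt) + table


def inspect_pe(data):
    """Parse the section table and apply two heuristics:
    1. a section name from the stock packer (UPX0/UPX1/...);
    2. UPX-style layout: the first section has no raw data (it is reserved
       for the unpacked image) and the entry point lies in a later section
       (the decompression stub).  Check 2 still fires when a modified UPX
       renames its sections, which is why the signature says UPX/modified UPX."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    entry = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, raw, *_ = struct.unpack_from(SECTION_FMT, data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw": raw})
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry < s["va"] + s["vsize"]), None)
    name_hit = any(s["name"] in UPX_NAMES for s in sections)
    layout_hit = (len(sections) >= 2 and sections[0]["raw"] == 0
                  and sections[0]["vsize"] > 0
                  and entry_section is not None
                  and entry_section != sections[0]["name"])
    verdict = "upx" if name_hit else ("upx_like" if layout_hit else "not_upx")
    return {"sections": sections, "entry_point": entry, "entry_section": entry_section,
            "upx_names": name_hit, "upx_layout": layout_hit, "verdict": verdict}


# Constructed images.  Image size 0xB000 matches the report's dumps; the
# section layout and entry point are invented for the demonstration.
PACKED = build_pe([("UPX0", 0x6000, 0x1000, 0), ("UPX1", 0x3000, 0x7000, 0x2A00),
                   (".rsrc", 0x1000, 0xA000, 0x200)], 0x9A40)
RENAMED = build_pe([(".text", 0x6000, 0x1000, 0), (".data", 0x3000, 0x7000, 0x2A00),
                    (".rsrc", 0x1000, 0xA000, 0x200)], 0x9A40)
PLAIN = build_pe([(".text", 0x4000, 0x1000, 0x4000), (".data", 0x1000, 0x5000, 0x400),
                  (".rsrc", 0x1000, 0x6000, 0x200)], 0x1230)

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        r = inspect_pe(image)
        print(f"{label}: verdict={r['verdict']} entry=0x{r['entry_point']:X} in {r['entry_section']}")
```

The layout check is the one worth keeping in a triage pipeline: renaming UPX0/UPX1 is the first thing a packer-modifying author does, but an empty first section with the entry point in the stub is structural and survives the rename. To recover the unpacked code, the sandbox's "dump on OEP" approach of waiting for the stub's final jump back into the first section and dumping the image at that point is what produced the 44KB memory dumps above.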