General

  • Target

    ecab2bb37a3affe7a19f7d9115c00cdda3182be3d220c32c2cbaced881681705

  • Size

    87KB

  • Sample

    240701-ewh7jawcpf

  • MD5

    ba0fe6339ae1d0f2cc3b4e29f503c198

  • SHA1

    4c411bac2e3da961c6802a7d91094b1ad649c46d

  • SHA256

    ecab2bb37a3affe7a19f7d9115c00cdda3182be3d220c32c2cbaced881681705

  • SHA512

    7335c72d80cf8dcd06f29d50bdcd8fdd256d27e5d389c00890c608a2ba404d0b61b68c00cd2216d2a2ffb19bc46741aab2c1db3e919b2fb3d904cbce2fbc93b7

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKK0SjlV2/AW/A47Blpf/FAK65euBT37CPKK0SjlV2/A7:V7Zf/FAxTWxL47Zf/FAxTWxLn

Score
10/10

Malware Config

Targets

    • Target

      ecab2bb37a3affe7a19f7d9115c00cdda3182be3d220c32c2cbaced881681705


    Score
    9/10
    • Renames multiple (2858) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Drops file in System32 directory
