Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/07/2024, 01:36

General

  • Target

    ae2cc66eb3d9857dd609a4da06c9b42ac11ea84158ed383a071217bc1e8db8b4.exe

  • Size

    129KB

  • MD5

    3649d62929596d216420737d705d5016

  • SHA1

    c085af739023d072301bce400d0531d73d7d469d

  • SHA256

    ae2cc66eb3d9857dd609a4da06c9b42ac11ea84158ed383a071217bc1e8db8b4

  • SHA512

    c0e0a97eff3c49277c9e43becf6de62ec27effa8911174430ffa6f3eafa53f5eefda886dd82de5f762c72edffa6731f1fa571918246ac61f037b663797e4daf8

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZuEd4HZKMSs9w7WsLhEC7ptUSZV:fnyiQSo7Z54HZKMx4dhECVlZV

Score
9/10

Malware Config

Signatures

  • Renames multiple (4812) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae2cc66eb3d9857dd609a4da06c9b42ac11ea84158ed383a071217bc1e8db8b4.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ae2cc66eb3d9857dd609a4da06c9b42ac11ea84158ed383a071217bc1e8db8b4.exe"
    PID: 4008
    • Drops file in Program Files directory
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4080,i,5019894817651309870,579021928995875068,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:8
    PID: 348

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-661257284-3186977026-4220467887-1000\desktop.ini.tmp

    Filesize
    129KB

    MD5
    d0639004a98ae3be06a52b119000e566

    SHA1
    15afd6ea0a31a6a7d7285848b4a01bb70db5c040

    SHA256
    6262da1f4dd57c3dd08b42725ebe2ea40457d216334aa0e91a39511a09d33360

    SHA512
    46ae7ade3ebd6688f7c3dfd6bcd3ef9f6ea145e62c3b3992bd27dd621129327d19127472efb03a8379e2d3702c2864eac222321fbf615aff4230b72b412e8469

  • C:\Program Files\7-Zip\7-zip.chm.tmp

    Filesize
    242KB

    MD5
    0899c3ab3c35959b89dd3c2ca3eaa8b0

    SHA1
    5dc421be14a22d45f3cc65415f492ffe361f6455

    SHA256
    b15320dec20e4c559ec1e15a3d547424a379c4fef25513b4a1fc68b520661fa4

    SHA512
    ddf21c404f2d439f4d9ea3c7423700ef32d29b57cbfe3437d326db2c6f6111669dd42b398d779329a49f6b9efbd1b52482da8daabcf009745225f18d759c39bd

  • memory/4008-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/4008-1732-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB