Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/09/2024, 05:22

General

  • Target

    ae5f25723fec597fa84d9667d5cfd140N.exe

  • Size

    38KB

  • MD5

    ae5f25723fec597fa84d9667d5cfd140

  • SHA1

    683e792040a89ff10c1125b6faa5a15c1a808a16

  • SHA256

    816e0dbb9b6f0f5513e8ebf468394109973f7da73eda40e21e23f6f637caa025

  • SHA512

    69c6fbf20b5370440e3a8113a449897dd07159d3fa85e7159348404b295a95a023975b34083755d3b78db5e9b9c72b394e65a7e5fd24d7b52ed37c02c43d3718

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJPbUEobUE51lRtJicszsOVCqd71rxHdcU8gXd71rxHdj:kBT37CPKKdJJTU3U2lRtJfOLP7Pj

Malware Config

Signatures

  • Renames multiple (375) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae5f25723fec597fa84d9667d5cfd140N.exe
    "C:\Users\Admin\AppData\Local\Temp\ae5f25723fec597fa84d9667d5cfd140N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    39KB

    MD5

    48b507fcbd3684f63762b7ff69ccb60a

    SHA1

    de7f8ed794a369f111de14bd97dcfaa422057328

    SHA256

    a36e44d45c4e7842cd606ed9ce41770d9e79e15e371bc3cc8bb7ddc8246c5818

    SHA512

    844fbbc7f14498ccd389b6a56f34a7f1fc6789a3d48a2c1989c27e7c7ed8d57b3670ba1dc8313777c8e4a358190e21fd408e06cb896e183300ca02ce5bd563f1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    48KB

    MD5

    3087ec61a0a7830030c9ba582845ffe7

    SHA1

    41c7703a55d87421d2908326c2bb806b5064377f

    SHA256

    32f189b0c106fc18ce3c67a3ca962129c565b07ca0cefe26b80537f2f95153c7

    SHA512

    c04d903f8fe621513001f18452a6e9f264cac9fb590dcbd6d012d23d801298d81c4b3407fbdf0952e1a706323946520b425dd9ba89b306da3601539c69d8ac61

  • memory/1840-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1840-27-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB