Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2025 22:09

General

  • Target

    ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96.exe

  • Size

    1.1MB

  • MD5

    7e5594403507d5b9d2219410faf1d17b

  • SHA1

    d5b057aee46765fab71595dd9f841e4838ff50c5

  • SHA256

    ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96

  • SHA512

    1e4f94ecd4fb299b730750e30192fd0d3ddcc5f5ebe53819746476d79caed2d96e3217ef1554ce15ad5fca2a922298a14e77aa92231613f68b03be701eb89b93

  • SSDEEP

    12288:dE7E6Y7nTb+TPKuIjOshW1SIuBsQMtZXZFh0cJvxS+P2Z7IQUle9r4I3yE8yVj2K:76OuISshzm7xZbflQ+PvQh9EvEYhM

Malware Config

Signatures

  • Renames multiple (405) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96.exe
    "C:\Users\Admin\AppData\Local\Temp\ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    1.1MB

    MD5

    0150ef571840604b281e6d84933dbd73

    SHA1

    c1c03eaaa27aca7a5f0bf891f4bddc7cd3547587

    SHA256

    f70ce806cc34f01db5acbca54d094025993af7fb1d54c3ff801cf12d5cbbd290

    SHA512

    fcda8e27379c1cda55a05e5bd6dd631232c1d9f59c28930674589b53416e5a2aa4f118d40584affb75256a68a7168a210f83a00da672f3f2b441a488ac531103

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    1.1MB

    MD5

    388d7ec7d00385434d065def8024f499

    SHA1

    730232beed060f4a300a45bbf836ab3f6c98c5f0

    SHA256

    37c467aff936d6b33757ea0b8a2d5226963d41f48e577d5f2ab8e3b4cd7a24ca

    SHA512

    404d37a4ec835832e10fae4cddccee4306c9b6bac4a2dea71b36be88ba1adfbf099a647fb8dea08d33ad92fc9912070c098167f04c333d62985870af27c00854

  • memory/2680-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2680-58-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB