Overview

overview

9

Static

static

5

ae1b59aec1...96.exe

windows7-x64

9

ae1b59aec1...96.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2025 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96.exe

  • Size

    1.1MB

  • MD5

    7e5594403507d5b9d2219410faf1d17b

  • SHA1

    d5b057aee46765fab71595dd9f841e4838ff50c5

  • SHA256

    ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96

  • SHA512

    1e4f94ecd4fb299b730750e30192fd0d3ddcc5f5ebe53819746476d79caed2d96e3217ef1554ce15ad5fca2a922298a14e77aa92231613f68b03be701eb89b93

  • SSDEEP

    12288:dE7E6Y7nTb+TPKuIjOshW1SIuBsQMtZXZFh0cJvxS+P2Z7IQUle9r4I3yE8yVj2K:76OuISshzm7xZbflQ+PvQh9EvEYhM

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (1762) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96.exe
    "C:\Users\Admin\AppData\Local\Temp\ae1b59aec1298746771f88dbc488dbee16fc379234ba7184276592915d544f96.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp
    Filesize

    1.1MB

    MD5

    a4be88c7dd2319f0cca863da85652cb6

    SHA1

    eab8210ac7950a6559c9bce504179afd601b22bb

    SHA256

    2748ea94b53052bf1d9c2506171708db480c809f3d3c0219a6b52ca9f1ca5414

    SHA512

    86805e637496d07983cd8f2e0758a52f04f171828c26dcfc41a709b80879f6f2ecad4433ad3376e7d31df88c68cad5e2dfc3c27283b7ffc547276290c0845cab

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    1.2MB

    MD5

    b1ed23352159f9e6a3af731cb4cb27ed

    SHA1

    88b4341f73e5acb65c68636ff2364146b35683d0

    SHA256

    0099cd97d6c9804c57a686c5ee1fe8686efd236ed5bde9af50ee327f3a1707a3

    SHA512

    a1dfa08144f50f6f30d1902c5ecfe0aaf2007cc32a350f4f2aa2e354b4f00b946fef2191d3340aea6a945a70824349f8660001e2507b357c08d498d48528b28f

    Download Submit

  • memory/5012-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/5012-392-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download