Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2025 22:23

General

  • Target

    18f1e5daba95fc4fec6575a47a18ec4d09cf1c0b2a8ee8ef68231b582e54ca00.exe

  • Size

    209KB

  • MD5

    92bd269cc41e1ab20db38a0628d5ff14

  • SHA1

    863b16ba4e97373fb691d15ac18b48bf3a6fe634

  • SHA256

    18f1e5daba95fc4fec6575a47a18ec4d09cf1c0b2a8ee8ef68231b582e54ca00

  • SHA512

    bf3abb5f30b9bd2d4cb31aa1835d3c93606d79634b4c4af324e727b9e91c7df53ad6a74422e3f4444b80097d2ffdd5cf1c9fc24b1e3e83c738bb2555fc1bf0c4

  • SSDEEP

    3072:fny1tEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiPI:KbEyyj2yAIJbIjNDv0bNXkbvLiPI

Malware Config

Signatures

  • Renames multiple (2695) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\18f1e5daba95fc4fec6575a47a18ec4d09cf1c0b2a8ee8ef68231b582e54ca00.exe
    "C:\Users\Admin\AppData\Local\Temp\18f1e5daba95fc4fec6575a47a18ec4d09cf1c0b2a8ee8ef68231b582e54ca00.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3048

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

    Filesize

    210KB

    MD5

    e32a7820c1a39c87d4457e71204b469b

    SHA1

    c70f07b485ae7931bb1991d47a26cd04f7a475e8

    SHA256

    776a505f678de9a4ec8199dbc7e46a9808d9bc7d29b8d02ab1630c5e9f9a45a0

    SHA512

    f51d570f5390a1f7fdb4916e4afd8bf8879b82944f26d7751d50d29ad4e60ae420b89d1ebbd4032410bbb3102376fc8d9da3a54173934c91f9e3297f53fd7d80

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    218KB

    MD5

    ce1b90e3d31849ce836997018d86c684

    SHA1

    2173393c255d90a7bb195ecbb17b08d4b9b6b04b

    SHA256

    29970c2e4b3d76c26586bf722e977b3fcf3df0db4434613529b9efbcfaa057df

    SHA512

    867f0f59b92a6c866876b7e194fb40cd46e2076aa3d3aeecc93f54b2374d856ca3838af3ddd17ad85b1a0e8b022f9ae1aa01dbf42200347a277393858cfe5aeb

  • memory/3048-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3048-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB