77a164b6f3112876b7b2b2c8a7b9ee57997ddde6f4e6cd5235f41c1cd5478621

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 15:27

Target

390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756.exe
Size

253KB
MD5

039d8bcbc7ff29dd95075a4a9b58ca74
SHA1

36e23eeeabc22cbb11d39297af9ace9221b21c51
SHA256

390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756
SHA512

3fdd2b870c5dc5d23e467397ca754fdd1406bf201a4b0dda5a5abf2aeb24c093d977d49b074828f9eba481ba654f482a09d1730da1ba819078c9e6e0ab329789
SSDEEP

3072:ihEkXmeP9slEbXi9qPtD/H/MXC5ua1JYI0FCFS1nFZ8WtbX7ehO4tP8X6PtILdfs:TTzlE7iOwIGEHShXuQ4hWQ

Score

9^/10

ransomware

Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

C:\Users\Admin\AppData\Local\Temp\390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756.exe
"C:\Users\Admin\AppData\Local\Temp\390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756.exe"
1⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\bin_tests.log

Filesize
4KB

MD5
5ddd25044b21c89d26ceb23ab4c5acd1

SHA1
0e10b45b768e79caeb73a456c73451dca0f8fa6f

SHA256
4a583953828745713a648f02d1decda9983d7cd9b545750f954e0b39dd5019b1

SHA512
8d13cba4587c473a81873ce5756056e1bd81fb74c748ed64b802cee1c319023b4d99a539b051ddf4d8d4fcca14c2d9bb525332dc00ad3ed93e3f6027c7fecb56

Download Submit
C:\Users\Admin\ntuser.dat.LOG2.ReNaMeD

Filesize
42B

MD5
74fa17ccd613269f12f99c298232269c

SHA1
74355db50ecc78c37c4f6db6f672b5e89527b6b7

SHA256
e4bb7e3a930d1b9a6d62742b7cc6096c6c31b7195af2f84c0b6b241957bd121b

SHA512
95975a10cb52c1042ed1ca3cb2fa48c56167a2a77295a9e741f1a2ca3ee2e096b432cfd37a3a21003bc7e865c6b495d8067fe71942b8b56d2c5cc12539739841

Download Submit