77a164b6f3112876b7b2b2c8a7b9ee57997ddde6f4e6cd5235f41c1cd5478621

Analysis

max time kernel
161s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 15:27

Target

390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756.exe
Size

253KB
MD5

039d8bcbc7ff29dd95075a4a9b58ca74
SHA1

36e23eeeabc22cbb11d39297af9ace9221b21c51
SHA256

390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756
SHA512

3fdd2b870c5dc5d23e467397ca754fdd1406bf201a4b0dda5a5abf2aeb24c093d977d49b074828f9eba481ba654f482a09d1730da1ba819078c9e6e0ab329789
SSDEEP

3072:ihEkXmeP9slEbXi9qPtD/H/MXC5ua1JYI0FCFS1nFZ8WtbX7ehO4tP8X6PtILdfs:TTzlE7iOwIGEHShXuQ4hWQ

Score

9^/10

ransomware

Renames multiple (182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

C:\Users\Admin\AppData\Local\Temp\390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756.exe
"C:\Users\Admin\AppData\Local\Temp\390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756.exe"
1⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\bin_tests.log

Filesize
4KB

MD5
642c61ea6cd0a307ea4e37e682d59a94

SHA1
7c7e966cac5fd1829a8848d630200ca0f265b940

SHA256
d9e02f1027d108ee8e34fc9b8e2b96344ce43782b64cd21d3b3a1a484b9b9448

SHA512
aa975394cf79f073db6ace0de76ae11880e05f89ffba3de97a86fda94912b8c7f65727dac53d100b943dae4192343b68382ccba6175c533bea55342366e89354

Download Submit
C:\Users\Admin\ntuser.dat.LOG2.ReNaMeD

Filesize
42B

MD5
74fa17ccd613269f12f99c298232269c

SHA1
74355db50ecc78c37c4f6db6f672b5e89527b6b7

SHA256
e4bb7e3a930d1b9a6d62742b7cc6096c6c31b7195af2f84c0b6b241957bd121b

SHA512
95975a10cb52c1042ed1ca3cb2fa48c56167a2a77295a9e741f1a2ca3ee2e096b432cfd37a3a21003bc7e865c6b495d8067fe71942b8b56d2c5cc12539739841

Download Submit