Resubmissions

21-01-2024 14:52

240121-r8syqaeac7 10

21-01-2024 14:51

240121-r8k8waeac5 10

01-01-2024 13:55

240101-q776kscacp 10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2024 14:52

General

  • Target

    b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe

  • Size

    245KB

  • MD5

    78db42a978dbaeec6b87e718b0e00160

  • SHA1

    226616df9b26e9ca327805755b75813ad67c1f3f

  • SHA256

    b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8

  • SHA512

    8a8a29eb8679512ab214d16b3e207a4545dbd63a8410ce41eef8d2c249131a5947a157344932b6041feb3084ad14d437627d754a34b977a6c2f71159a54b2b5c

  • SSDEEP

    6144:ZU1aQUdyXTFDhznLOoAM4zkw7nMnp5PdleQRWsvBoCRt7Y0x:ZUQd4TFJLOolqk/72QksvBBt7Y0

Score
9/10

Malware Config

Signatures

  • Renames multiple (184) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe
    "C:\Users\Admin\AppData\Local\Temp\b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe"
    1⤵
    • Deletes itself
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    PID:2188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\HOW TO RECOVER YOUR FILES.txt

    Filesize

    415B

    MD5

    a737534f6b78e78d154a68c9e23251b9

    SHA1

    f4cff3471965cdd5763edf86fb897f2e671c9336

    SHA256

    9c551d94361cfe9c3bd475d6d45738f299fc9eb07fed69a44db30356e2af14d8

    SHA512

    d0c7c82ff8a7991e7e2569a0ce412c0fc5ed5fdad0174ecc9c73c31a6af2f85f7e23695735d2a61c85aea7996383ee26926f04f29627bc61c6a7992af48f096d

  • memory/2188-1-0x000000013F400000-0x000000013F4A2000-memory.dmp

    Filesize

    648KB

  • memory/2188-0-0x0000000077170000-0x0000000077319000-memory.dmp

    Filesize

    1.7MB

  • memory/2188-2-0x0000000077170000-0x0000000077319000-memory.dmp

    Filesize

    1.7MB

  • memory/2188-253-0x000000013F400000-0x000000013F4A2000-memory.dmp

    Filesize

    648KB

  • memory/2188-254-0x0000000077170000-0x0000000077319000-memory.dmp

    Filesize

    1.7MB