Overview

overview

9

Static

static

3

759b06eab7...b7.exe

windows7-x64

9

759b06eab7...b7.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 23:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    759b06eab7ebf0dde75a00c2737ea15ebe528fee415962bab23329363b7e1eb7.exe

  • Size

    390KB

  • MD5

    60e1792058c82af983b1c31ef587f2f3

  • SHA1

    49b08031f9f245addf076a89165075c40fbe7d5e

  • SHA256

    759b06eab7ebf0dde75a00c2737ea15ebe528fee415962bab23329363b7e1eb7

  • SHA512

    f31b66a06209bb289ebbd4e64794aaa57a9b59a85ccc2aae1a7ae1b86dec023fe75b1f2f0cf12dc16d6ac4044b481cc970e641c272eb435c945c2fcdf6f39385

  • SSDEEP

    6144:RqKvb0CYJ973e+eKZ25T/4DO/B5fpRr3TmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVG:vvbxYX7Z25j4DO/B5fn5ca

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5189) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\759b06eab7ebf0dde75a00c2737ea15ebe528fee415962bab23329363b7e1eb7.exe
    "C:\Users\Admin\AppData\Local\Temp\759b06eab7ebf0dde75a00c2737ea15ebe528fee415962bab23329363b7e1eb7.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4852
    • C:\Users\Admin\AppData\Local\Temp\_MpDlpCmd.exe
      "_MpDlpCmd.exe"
      2⤵
      • Executes dropped EXE
      PID:1576

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.exe
          Filesize

          79KB

          MD5

          13b1db86e174474188eba78ada553a42

          SHA1

          608a95d288699cac774bb5a0d4423220adaba87d

          SHA256

          a0997e1b4190b60750d8bb285691f1f42c05403a5144e108f53e6945d768b319

          SHA512

          fd27087ad248c69fa96f0b395dbea819185f7b04ded13c9b0ef8041214e6821f2598e14117acffe6c5d75d654d6de9bc573fcd04086267d27145c78e714b4d18

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MpDlpCmd.exe
          Filesize

          310KB

          MD5

          aaef344fe1fbd85cdaec2ece7fdf873e

          SHA1

          cc9b145e5583afa05b702719a106e6631c960e73

          SHA256

          7dfb66ef0f85b8d86a462386d28bcfec4ce07faed9c0a836b770d11cd36e0ec6

          SHA512

          cf61c40caf6bc9257b27d4c54462632ca18048c9343f09746ef4de7d5c28b9c41b9e245f3ab6624e26156d0a214408fe146ea51c957b5b8aff0bf4e5d5576fcc

          Download Submit

        • C:\Windows\SysWOW64\Zombie.exe
          Filesize

          79KB

          MD5

          0cb01bdcb90ee87502c652357ae257ae

          SHA1

          45245b4d931a4227964422ad3dda8cd2db44701d

          SHA256

          cd3b23e26530a030a1a1fc4415000040c821eb42f47cc0a781e1f1472edccff2

          SHA512

          85d2fb79fd98ef9f3369eff2cb91e8f4e6a277b086ba1cf9f2772e879fc74fd8c65834684cd2340d35cbcad4d6c3541a2696adbb730fa6b29bb6f86ccae974eb

          Download Submit