Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-04-2024 22:20

General

  • Target

    60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe

  • Size

    160KB

  • MD5

    972826c0d25c16a9070043766d36d15e

  • SHA1

    9c5b907682d21d2606594a3f93227c528d3d7c82

  • SHA256

    60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab

  • SHA512

    d1ccffce68fe8764b3dbec18a9f786cb3338ba6dd5947feaca33beb64b41ef94c2ea42260d97eeb361b166387d8c9d7fc3fc372ddc556c47ba498354784b247d

  • SSDEEP

    3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtd4:KQSo1EZGtKgZGtK/CAIuZAIuI

Score
9/10

Malware Config

Signatures

  • Renames multiple (480) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
    "C:\Users\Admin\AppData\Local\Temp\60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
    Filesize

    160KB

    MD5

    90df973e8297b6c62b658dda17ac5bb5

    SHA1

    a814fbbba0ff8ba5f3c70d2d662f42c8deab747f

    SHA256

    bb96b59dd45fdda8e75ef2c19fe0143fb4c9164c45fad4ab8c56011964f18ed2

    SHA512

    d75d8427178062c54262efaa515532e30bc77eb706c58a9c88f165c942f0112521cc05cbfe7872f30dfaeb500097c6df7601ab8bcedf0c2ecb81993fafb46ef3

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    169KB

    MD5

    5420f1bd6c41cd11bc33bbb56937f31a

    SHA1

    a5735d3db5bafbc4d04ae7317469554f1c3ccd70

    SHA256

    750bf0a7c6aa6e54b6fb94f874454d898665b770c07fe06c7e4062632b59e407

    SHA512

    4ed39f68791c12a5402ed94c11f951b2a93aadbe71d67b7f98fcd08d4d56667afd6646751583945abb4fac041f93a4cd250ae29a8a3a8279915babf765d236cb

  • memory/2456-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/2456-26-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB