Overview

overview

9

Static

static

3

c0302061ea...5b.exe

windows7-x64

9

c0302061ea...5b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-04-2024 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0302061eaffab35f993eec903d2b6d85463fcc5b73d9bdac4e1332a4c48455b.exe

  • Size

    356KB

  • MD5

    cad7609bfd0a084e26e46db6b5d876ec

  • SHA1

    c895d7a69b4922c39b832c4447b3360d459236fd

  • SHA256

    c0302061eaffab35f993eec903d2b6d85463fcc5b73d9bdac4e1332a4c48455b

  • SHA512

    30d13f37474ed93e6c6906c0183b99befa8f8c4f37217b9f30f3a190cd6f0fa2449f46e1d904a6d80526f61217aac585dd15c6ed69de75a2e24a1ebe4bdb9b5e

  • SSDEEP

    6144:ndW+Dffz1gUZ3sOeNw0VqIJ/uJn9tvq3v3/sSQJw1Tn:dW+Dfhg0cvd5JIDvTJw1L

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5058) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0302061eaffab35f993eec903d2b6d85463fcc5b73d9bdac4e1332a4c48455b.exe
    "C:\Users\Admin\AppData\Local\Temp\c0302061eaffab35f993eec903d2b6d85463fcc5b73d9bdac4e1332a4c48455b.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2876
    • C:\Users\Admin\AppData\Local\Temp\_7z.exe
      "_7z.exe"
      2⤵
      • Executes dropped EXE
      PID:5028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
    Filesize

    73KB

    MD5

    0ab93d355a22cf1952e35736e8a5df57

    SHA1

    f1767345416d05736572ca33160ee0fc5b24b34d

    SHA256

    6c50e9df15fb0140f243f330f2709c3ad164d84525a46f4f16a775970436583b

    SHA512

    b20c94bf92e2aa2f9302b327596c6a90c1faa3246aa8bce5a741b5af3b42ea51c5ea66d7d5d9e3c78d33b5cc004dcad0ded560569a5dc48941d6b0f99e1bdde1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_7z.exe
    Filesize

    284KB

    MD5

    a42b35f975d88c1370a7aff084ee57a7

    SHA1

    bee1408fe0b15f6f719f003e46aee5ec424cf608

    SHA256

    56cc9e7e3767c0cffae8161bf0ad13457487c1b422e2879b897dbd4bab115776

    SHA512

    b92d05515e18277db660118934e70678ee2a3bb66005bad19bb417ffaedb22a63727a5a697ca3ac0f6c48f6f5593ba45ab80f4ebdc0eaed10d80b7af04d45b23

    Download Submit

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    72KB

    MD5

    7b216b687adea8e3dacdb29dce7119ce

    SHA1

    c63ceef73ea305774b7365e08b15c865fd79c815

    SHA256

    cd2b1c3bf9ba7faa3cf4f3f4454cc3330a85f40beb1318ab38abe395751d9dc2

    SHA512

    f50c5c01b322fa60a5528029f07150609b46be31521e4537b0a63e755c1422896b7b8b551629e02b950240ac2b0e99625d5838f8fd77da9f16234e626a688c80

    Download Submit