Analysis

  • max time kernel
    102s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 20:57

General

  • Target

    418d623d94ca101b819831d0793566825aef050fb9c7b91b6b59f8a40a8247a6.exe

  • Size

    93KB

  • MD5

    87ff8fa4dd98bacd9a9ded160980bc1c

  • SHA1

    c07e48fbf9a5a237971db7e2c39d91fed790c057

  • SHA256

    418d623d94ca101b819831d0793566825aef050fb9c7b91b6b59f8a40a8247a6

  • SHA512

    99aea105e5720b9b39bbfbc43922dc8f506beeb2aea66a52a695c87824e01fdcedebcf8600cdb2dc4dd151e691f405f1c53c30af72a7d216d625c1b707fb48b2

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ey1Sy1L:6e7WpMaxeb0CYJ97lEYNR73e+eKZPVF

Score
9/10

Malware Config

Signatures

  • Renames multiple (726) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\418d623d94ca101b819831d0793566825aef050fb9c7b91b6b59f8a40a8247a6.exe
    "C:\Users\Admin\AppData\Local\Temp\418d623d94ca101b819831d0793566825aef050fb9c7b91b6b59f8a40a8247a6.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1664

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

    Filesize

    94KB

    MD5

    cf4cf8ecfd857d845d8674481cea54ed

    SHA1

    20897e64d95bba471f8f1ed73ce1a74de44febd1

    SHA256

    276e0d592e7e5aa07169cbaf89afcd05b1fc3a4555db771d99a6f5bb8240b53f

    SHA512

    482a32c4c9d7fe24526538fb84f8f65ee03bf044ecd91f521364628b41b235b2672e68968506cd962085218b8056e27bdea5b6484231de89b01826539be6cf04

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    103KB

    MD5

    3e2c7c0abbe852c96534376dd7d2fc70

    SHA1

    460f66da2239546a0b2b5ed27376d7245a25443c

    SHA256

    1f5cd8ba177aad173af9c77ee4fe078eddc5dbae09a6fd08aae80df79549c4be

    SHA512

    f67a3b8be6a0bb57db6f510068f30311caa075fd6a1038e7eaadbe5ca3fd54db9f66020619febc3178877371bfcba5a4ddfb69fa61a30d5f1d521431b5715627