Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 21:07

General

  • Target

    450db42ec387724b3979f81561727dff5b68ef9c9cfd0a50e38197474c1e2944.exe

  • Size

    149KB

  • MD5

    0e2235b576253d56dab6bb43ac954e31

  • SHA1

    ac44c5b3c65a9fdbb9aaec3f653401278818d1a5

  • SHA256

    450db42ec387724b3979f81561727dff5b68ef9c9cfd0a50e38197474c1e2944

  • SHA512

    a57b0241a3db39024021c7ae8cf82d857aa5a0ddce95a98057aec2935a36a815a13e6db193357ac750081a529e69a174be77003dbb286f1254fc779a1b7da865

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8s316u0MXo7Rwcz6G7wb/G0CIvXZ9yhHe:+nyiQSobuBhe6MiIqWLsUu3ih

Score
9/10

Malware Config

Signatures

  • Renames multiple (4711) files with added filename extension

    This points to ransomware encrypting files across the system: the original file name is kept and an extra extension is appended to each of the 4,711 renamed files, the usual pattern when encrypted output replaces the original.

  • UPX dump on OEP (original entry point) 4 IoCs

    The sandbox captured the unpacked image once the UPX stub transferred control to the original entry point; the memory dumps listed below are those captures.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
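
Two of the signatures above, reimplemented as stand-alone heuristics so the logic can be inspected and run on constructed input. This is an added example, not the sandbox's own signature code: the rename threshold, the hypothetical `.locked` extension in the constructed rename events, and the hand-built PE image used to exercise the UPX check are all assumptions made here for illustration.

```python
"""Added example, not from the sandbox report: two signature heuristics.

1. mass_rename_with_added_extension(): the 'Renames multiple files with added
   filename extension' check, over a constructed list of (old, new) rename events.
2. looks_upx_packed(): the 'UPX packed file' check, which parses the PE section
   table and looks for UPX-named sections; exercised on a hand-built PE image.
"""
import struct
from collections import Counter
from typing import Iterable, List, Optional, Tuple


# --- 1. mass rename with an appended extension -------------------------------

def added_extension(old: str, new: str) -> Optional[str]:
    """Return the appended suffix if `new` is `old` plus one extra extension, else None."""
    if new.startswith(old + ".") and len(new) > len(old) + 1:
        suffix = new[len(old):]
        if "\\" not in suffix and "/" not in suffix:   # a move, not an appended extension
            return suffix
    return None


def mass_rename_with_added_extension(
    events: Iterable[Tuple[str, str]], threshold: int = 50
) -> Tuple[bool, int, Optional[str]]:
    """Count renames that only append an extension; fire when the count reaches threshold.

    Returns (fired, count, most common appended extension). The threshold is an
    assumption for this example; the report above observed 4711 such renames.
    """
    counts: Counter = Counter()
    for old, new in events:
        ext = added_extension(old, new)
        if ext:
            counts[ext] += 1
    total = sum(counts.values())
    top = counts.most_common(1)[0][0] if counts else None
    return total >= threshold, total, top


# Constructed rename events (hypothetical paths and a hypothetical '.locked' extension).
CONSTRUCTED_EVENTS = [
    (f"C:\\Users\\Admin\\Documents\\report{i}.docx",
     f"C:\\Users\\Admin\\Documents\\report{i}.docx.locked")
    for i in range(60)
] + [
    ("C:\\Users\\Admin\\Downloads\\setup.exe.part", "C:\\Users\\Admin\\Downloads\\setup.exe"),  # extension removed
    ("C:\\Temp\\a.txt", "C:\\Temp\\b.txt"),                                                     # plain rename
    ("C:\\Program Files\\7-Zip\\7-zip.dll.tmp", "C:\\Program Files\\7-Zip\\7-zip.dll"),         # .tmp finalised
]


# --- 2. UPX section names in the PE section table ----------------------------

def pe_section_names(image: bytes) -> List[str]:
    """Walk the PE section table and return the section names; [] if not a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                    # COFF file header follows the signature
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt                           # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                               # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(image):
            break
        names.append(image[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(image: bytes) -> bool:
    """Stock UPX (and most modified builds) names its sections UPX0/UPX1/UPX2."""
    return any(n.startswith("UPX") for n in pe_section_names(image))


def build_fake_pe(section_names: List[str]) -> bytes:
    """Hand-build a minimal, non-runnable PE32 image with the given section names (test input)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0                                        # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    sections = b"".join(struct.pack("<8s", n.encode("ascii")) + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    print(mass_rename_with_added_extension(CONSTRUCTED_EVENTS))
    print(looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
    print(looks_upx_packed(build_fake_pe([".text", ".data"])))
```

The section-name check alone is easy to defeat by renaming sections, which is why the sandbox reports it alongside the OEP dump and other indicators rather than on its own; treat a hit as a prompt to unpack and inspect, not as a verdict.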

Processes

  • C:\Users\Admin\AppData\Local\Temp\450db42ec387724b3979f81561727dff5b68ef9c9cfd0a50e38197474c1e2944.exe
    "C:\Users\Admin\AppData\Local\Temp\450db42ec387724b3979f81561727dff5b68ef9c9cfd0a50e38197474c1e2944.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3080

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

    Filesize

    150KB

    MD5

    011fda18e68d89b763d847f17bbfb277

    SHA1

    88c3bb989c5eede1238b58e54b6d3d36d7b00943

    SHA256

    a40cd23e43c478831f22feefd9b7d829bdf8a353cf743a23bae80f8ccade25c9

    SHA512

    15abf28a70592ee7f41e0c56cbfc4a3de4edaad8df814ce85cc4ef2c25297a2b830a48a7f0e1760c8a666f9db72693d550dc46d47111fe23baa2a552302f0cef

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    248KB

    MD5

    d351af8d60a1490eb7e63526241e023e

    SHA1

    5219530cfae91da43dc137a111046a0c27b85f1f

    SHA256

    e2c06fbd2e20060c2d2c6650f61c6c38e36e97fd5e8a0be8786142825449d893

    SHA512

    8ad9c97e9d55dc6000fe86945c2f29f77354ddf371847a4d6bd49b8ad073781f60d21db51b258604c0fafc38e1ddac2c458d7bfcc34942ebd951f7960abc7921

  • memory/3080-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3080-1680-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB