Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 22:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Done.exe
Resource
win7-20240215-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
Done.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Done.exe
-
Size
118KB
-
MD5
7ab0af2a1153adcf3237b3bcf1b35419
-
SHA1
f5e9dc83eb95ae4b1118b034e91e937c9b884bca
-
SHA256
a45219c59e190f25ad6d40db0ae74cd8af0b4222b9d7d409322de7dd2ae2373a
-
SHA512
e5736298809fdeb6b66766ae3a8db355a152ca784ad8ccf8500e4496cf869f320c11f6dd4e5ca484e56ef7819d13f52f2bb668ae7db06ab4ef3e439c231cc723
-
SSDEEP
3072:8ZbACwLtsHStagQqAzbt9LbjdcVONk2p38SnLtoA6:feSta6AzbnS0Nk2pMSnLtX
Score
9/10
Malware Config
Signatures
-
Renames multiple (87) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s) 1 IoCs
Processes:
Done.exedescription ioc process File created C:\Users\Admin\Desktop\desktop.ini Done.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Done.exedescription pid process Token: SeDebugPrivilege 2736 Done.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2736-0-0x0000000000F10000-0x0000000000F34000-memory.dmpFilesize
144KB
-
memory/2736-1-0x00007FFE778F3000-0x00007FFE778F5000-memory.dmpFilesize
8KB
-
memory/2736-2-0x00000000017E0000-0x00000000017EE000-memory.dmpFilesize
56KB
-
memory/2736-3-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmpFilesize
10.8MB
-
memory/2736-237-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmpFilesize
10.8MB