a45219c59e190f25ad6d40db0ae74cd8af0b4222b9d7d409322de7dd2ae2373a

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 22:53

Target

Done.exe
Size

118KB
MD5

7ab0af2a1153adcf3237b3bcf1b35419
SHA1

f5e9dc83eb95ae4b1118b034e91e937c9b884bca
SHA256

a45219c59e190f25ad6d40db0ae74cd8af0b4222b9d7d409322de7dd2ae2373a
SHA512

e5736298809fdeb6b66766ae3a8db355a152ca784ad8ccf8500e4496cf869f320c11f6dd4e5ca484e56ef7819d13f52f2bb668ae7db06ab4ef3e439c231cc723
SSDEEP

3072:8ZbACwLtsHStagQqAzbt9LbjdcVONk2p38SnLtoA6:feSta6AzbnS0Nk2pMSnLtX

Score

9^/10

ransomware

Renames multiple (87) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Drops desktop.ini file(s) 1 IoCs

Processes:

Done.exe

description ioc process

File created C:\Users\Admin\Desktop\desktop.ini Done.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Done.exe

description pid process

Token: SeDebugPrivilege 2736 Done.exe

description	ioc	process
File created	C:\Users\Admin\Desktop\desktop.ini	Done.exe

description	pid	process
Token: SeDebugPrivilege	2736	Done.exe

memory/2736-0-0x0000000000F10000-0x0000000000F34000-memory.dmp

Filesize
144KB

Download
memory/2736-1-0x00007FFE778F3000-0x00007FFE778F5000-memory.dmp

Filesize
8KB

Download
memory/2736-2-0x00000000017E0000-0x00000000017EE000-memory.dmp

Filesize
56KB

Download
memory/2736-3-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmp

Filesize
10.8MB

Download
memory/2736-237-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmp

Filesize
10.8MB

Download