Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/05/2024, 04:12

General

  • Target

    e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe

  • Size

    100KB

  • MD5

    b0c39f43c1fdab9148941afe25c87aa0

  • SHA1

    585c91cc7f1aa6320c7ce93850e3b143fc027322

  • SHA256

    e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527

  • SHA512

    d7d2a166fa96f03ba67f7bcc33d93f28e75a6687e4c00258f1e840c824274f3b93f262da502794a3f15a7841d2cadaac88e44160dc487c352196a77b5c7054f6

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0Kj:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0Kj

Score
9/10

Malware Config

Signatures

  • Renames multiple (3442) files with added filename extension

    The sample appended an extension to 3,442 existing files during the run, which is consistent with ransomware encrypting the files on the system.

  • Drops file in Program Files directory (64 IoCs)
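
The rename signature above is a count heuristic: many existing files get an extension appended, so the original name survives inside the new one, rather than being replaced or renamed outright. Below is an added example, not code from the sandbox or from the sample, of the same heuristic applied to rename telemetry. The tab-separated event format, the pids, the paths and the `.locked` extension are constructed assumptions for illustration; the threshold is deliberately low so the constructed data triggers it.

```python
"""Mass rename-with-appended-extension detector (added example).

Input is constructed rename telemetry, one event per line:
    <pid>\t<old path>\t<new path>
The format, pids, paths and the '.locked' extension are assumptions;
they are not taken from the sandbox report."""

from collections import defaultdict
import ntpath  # Windows path handling regardless of host OS

# Constructed sample telemetry (hypothetical pids and paths).
# pid 2196 appends '.locked' to four files; pid 1024 does ordinary renames.
SAMPLE_EVENTS = """\
2196\tC:\\Users\\Admin\\Documents\\budget.xlsx\tC:\\Users\\Admin\\Documents\\budget.xlsx.locked
2196\tC:\\Users\\Admin\\Documents\\notes.txt\tC:\\Users\\Admin\\Documents\\notes.txt.locked
2196\tC:\\Users\\Admin\\Pictures\\cat.jpg\tC:\\Users\\Admin\\Pictures\\cat.jpg.locked
2196\tC:\\MSOCache\\All Users\\Office64WW.xml\tC:\\MSOCache\\All Users\\Office64WW.xml.locked
1024\tC:\\Users\\Admin\\Downloads\\report.docx\tC:\\Users\\Admin\\Downloads\\report_final.docx
1024\tC:\\Users\\Admin\\Downloads\\a.tmp\tC:\\Users\\Admin\\Downloads\\a.pdf
"""


def appended_extension(old_path, new_path):
    """Return the appended extension (without the dot) when new_path is
    exactly old_path plus '.<ext>' in the same directory, else None.

    A plain rename (report.docx -> report_final.docx) or an extension swap
    (a.tmp -> a.pdf) does not count: the full original name must survive."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name) + 1:]
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext


def parse_events(text):
    """Parse the constructed tab-separated telemetry into (pid, old, new)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, old, new = line.split("\t")
        events.append((int(pid), old, new))
    return events


def detect_mass_rename(events, threshold=3):
    """Count, per pid and per appended extension, renames that keep the
    original name and append an extension. Return {pid: (ext, count)} for
    every pid whose most common appended extension reaches the threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            counts[pid][ext.lower()] += 1
    hits = {}
    for pid, per_ext in counts.items():
        ext, n = max(per_ext.items(), key=lambda kv: kv[1])
        if n >= threshold:
            hits[pid] = (ext, n)
    return hits


if __name__ == "__main__":
    for pid, (ext, n) in detect_mass_rename(parse_events(SAMPLE_EVENTS)).items():
        print(f"pid {pid}: {n} files renamed with appended extension .{ext}")
```

On the constructed data only pid 2196 is reported (four `.locked` renames); the ordinary rename and the extension swap by pid 1024 are ignored by design. In production the count would be taken over a short time window and a far higher threshold than 3, and a hit is worth confirming by checking that the renamed files' contents were also rewritten, since a rename alone does not prove encryption.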

Processes

  • C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe
    "C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe"
    • Drops file in Program Files directory
    PID: 2196

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

          Filesize

          101KB

          MD5

          91f01f4c2f0739d9ffc3aadfa8b7292d

          SHA1

          2a96af58cbbc14dd4b4820778407a66cd619382c

          SHA256

          43967d9e2f024272f0284aa35d89e125d45a2ecbf3f815aa681590b7c6a7dda3

          SHA512

          4b5e98ff4a3b646b6229d2d41228f97a3b70e651120ca5fa8409f2fe3f91bede133a8a41ef63116504f856449c04023d8697e3e86bd9343e40690aeafc731637

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          110KB

          MD5

          6ad7520800d5bc300d60975df9dee2e9

          SHA1

          228713a449c97a88db2e406750b262f4c97d1f7f

          SHA256

          b8456ab497fadce15e26137f824f72562cb0a383d83a182e78eb388a20ba7f0d

          SHA512

          decbd717a52de7e1270eef2cb6358e04fa6e1113d6fbf0bdfa1f12f550af8a14f3aab4afaa4743a58a9d92de0deced767f61667aa036644da42341745705033c