Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 22:36

General

  • Target

    5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe

  • Size

    91KB

  • MD5

    741e1e6fb41e551d97866d7efd5207df

  • SHA1

    ac06c7869562f7b9bebf0858a1465f1f3fb41149

  • SHA256

    5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f

  • SHA512

    4b2620ed8b1ebf1f9840e0de2569d4322978ccaaa7fc3b27f923365f41ce45e65c12594c155b54220885ab39551f5215c7102fc025bbf79c91cb89c202ed8e91

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNc:6rWpcOPxPke+e3fFpsJOfFpsJbgEO

Score
9/10

Malware Config

Signatures

  • Renames multiple (3446) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe
    "C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2816

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

    Filesize

    91KB

    MD5

    965cf30f0e2499f08869590569563458

    SHA1

    fdf3f4496208d58fa84ec6fa1b764bcdbeafb2e3

    SHA256

    5be5bb0788acb73d588e238d0944143fb056557d473f7c0b72eaeb6693c27bd4

    SHA512

    2143b413662f0a364f2e7bfb5b89837ba5381dada352f070f88d1520b247301763de5ba3f194138ed43ae9db8b9c6802d2b06f2f7ac5dec1fc947df8cd1cba98

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    100KB

    MD5

    a087e3fb4e5ccb059ce60aa15538bb61

    SHA1

    16dfeb8d86ec68dc5b6de40cbf2471d623490c51

    SHA256

    3f11b285d85dce103f75f4712a2dd0b76516c6d8c177d3678eccf94474daf5b3

    SHA512

    5127efa28ced6ac2cffc3867cd9cdd4160b7b76b06cbc08ab9bd4d359d24e8982b5ed8a96a9448b0592003d31d9e86b09ef21d735788202c6ef7f54f02c14924