Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 01:03

General

  • Target

    a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe

  • Size

    77KB

  • MD5

    0007ecc1ec3c771ae7aad3f1eaa1f3c3

  • SHA1

    7be1cad50dedbde4ed8dd329b197fc19b1d60f83

  • SHA256

    a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d

  • SHA512

    dbe2619ff74df1a2e8a7afea7f740c99abf83c7811739c4ecf319eda63e4233a12e5e9da249be14a691fd253403282ecf79cdd779f46bf35fe7597b1085e1e9b

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8+:+nyiQSoV

Score
9/10

Malware Config

Signatures

  • Renames multiple (676) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
    "C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2600

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

          Filesize

          78KB

          MD5

          5255fc80bbb632608b781a9cfdefee22

          SHA1

          f9c049a385bf9f45367f172e209e393d14099c43

          SHA256

          e45a04a58b30af8dce51892fa07e72f2cc4fd3f41ae42109d9bced2f3c56d92e

          SHA512

          58ccc87e08438b4e9481b2db66dc382992d8c4006ac7ffbf2873b8910182574922fe22dc723c10ea09b07b14a74833c086be32bcf521541ea32c8bfa5476ff81

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          87KB

          MD5

          0b3210078399bdc5b764b1c86d52a21a

          SHA1

          f1e6579675bb1cccfb8b2b6d9414cb2eb95328e9

          SHA256

          8942a892cb057e56a63ebc48cb1df277529caef99d34ff4d05c9eae8d7ebf243

          SHA512

          7557d64c13fd9743e168dae337bf38a30eaa445a15e97c9fb1d1b57f5953b7aca1c895d4fee7761366d81b5116dd0c31426c611bd2893291b270a7011bea810b

        • memory/2600-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2600-68-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB