Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    02/06/2024, 01:08

General

  • Target

    a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe

  • Size

    65KB

  • MD5

    63fcb62e044ba8aae40c23ca1a1f7ca1

  • SHA1

    8f6c51522febb87cf7eef5187767cb472de60378

  • SHA256

    a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c

  • SHA512

    43eecb8cf79a64b8f020caede32da9767cedc98b46929a97f19ffda6fe6ace619a56a0e559600f72e2cc09a6936ed6475b562a378ee76ee5728493cb4be56bc6

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5n2o:+nyi4Mh2o

Score
9/10

Malware Config

Signatures

  • Renames multiple (3677) files with added filename extension

    Bulk renaming of files with a new extension appended to each name is the characteristic footprint of ransomware encrypting the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
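The "UPX packed file" signature above is normally raised from the PE section table, but the same signature text covers a modified UPX, which typically renames its sections. The following is an added example, not code from the sandbox or from the sample's author: a small PE section-table parser with the name check and the two layout/entropy checks that still work when the section names have been changed. Both PE images in it are constructed in memory for the demonstration; the sample itself is not reproduced.

```python
import hashlib
import math
import struct

# Added example, not part of the sandbox report: a section-table parser with the
# checks a triager runs when a report flags "UPX packed file". The PE images
# below are constructed in memory; the sample itself is not reproduced here.


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits near 8, plain code near 5-6."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Walk MZ -> PE signature -> COFF header -> section table and describe each section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def upx_indicators(data, entropy_threshold=7.0):
    """Name check (stock UPX) plus layout and entropy checks that survive renamed sections."""
    secs = pe_sections(data)
    return {
        "upx_section_names": any(s["name"].upper().startswith("UPX") for s in secs),
        # Stock UPX leaves the first section with no raw data but a large virtual size:
        # the stub decompresses the original image into it at run time, which is why
        # a dump taken at the original entry point yields the unpacked executable.
        "empty_first_section": bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0,
        "high_entropy_sections": [s["name"] for s in secs if s["entropy"] >= entropy_threshold],
    }


def pseudo_random(n, seed=b"upx-demo"):
    """Deterministic high-entropy filler standing in for compressed data (constructed)."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_pe(sections):
    """Build a minimal PE32 image from (name, raw_bytes, virtual_size) tuples (constructed fixture)."""
    e_lfanew, size_opt, num = 0x80, 0xE0, len(sections)
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    headers_len = e_lfanew + 24 + size_opt + 40 * num
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF  # first raw section on a 0x200 boundary
    table, blobs, va = b"", b"", 0x1000
    for name, blob, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, len(blob),
                             raw_ptr, 0, 0, 0, 0, 0xE0000020)
        blobs += blob
        raw_ptr += len(blob)
        va += max(vsize, 0x1000)
    image = dos + b"PE\0\0" + coff + opt + table
    image += b"\0" * (((headers_len + 0x1FF) & ~0x1FF) - len(image))
    return bytes(image) + blobs


if __name__ == "__main__":
    packed = build_pe([("UPX0", b"", 0x8000), ("UPX1", pseudo_random(4096), 0x1000), (".rsrc", b"\0" * 512, 0x200)])
    plain = build_pe([(".text", b"\x90" * 2048, 0x800), (".data", b"A" * 256, 0x100)])
    print("packed:", upx_indicators(packed))
    print("plain: ", upx_indicators(plain))
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. The name check alone is the weakest of the three: a packer that only renames UPX0/UPX1 still leaves an empty first section and a near-8-bit-per-byte payload section, and it is those two signals, not the names, that justify dumping the process at its original entry point as the sandbox did here.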

Processes

  • C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe
    "C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2956

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

          Filesize

          65KB

          MD5

          80d1ad41a8e84b8d074781b8df30882f

          SHA1

          37e8f4581e798dcbcbc0b4c5edfde147ed9a8616

          SHA256

          47f8d4aaef67ebc476f2c1b73e150bb8577ebc760f104aa18d3d40ec2ec566c4

          SHA512

          c00e82404a348a6b90711fee6c561b3b4f34bf822bca1033668dca3177e57b48f14a6a440c93cfb8354e3f80e3ce6e60dd8a499000a0a14ca5fa40e4066ec3e2

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          74KB

          MD5

          89c3ad954b4692dc8df4e051040cc0ac

          SHA1

          0077ecd5d063ed147f43834ffa6a0fe527a685d1

          SHA256

          cf37409f0a9b5aa623227c259794c0048aea250774a4071c61a72678c965208c

          SHA512

          0723ec909706b7ecc1610d80018c0b197c1aabc98065320d3aeb3d2d57e5891ccfef5f58762cd3d99583321e9cb7403193013f8a18750e5144c68ea6c01a6862

        • memory/2956-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2956-644-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB
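The "Renames multiple (3677) files with added filename extension" signature, together with the `.tmp` siblings listed above under Downloads (a ciphertext is typically written to a temporary file and then renamed over the original), can be reproduced as a detection rule over file-monitor events. The following is an added example and not the sandbox's own rule: a per-process sliding-window count of renames that append an extension, tolerant of the `.tmp` staging step. The events are constructed for the demonstration, the benign process is invented, and the appended extension `.locked` is a hypothetical placeholder; the report does not say which extension this sample adds.

```python
from collections import Counter, defaultdict

# Added example, not from the report: a mass-rename heuristic over file-monitor
# events of the kind a sandbox records. Events are constructed; ".locked" is a
# hypothetical placeholder extension, not the one this sample used.


def _event(ts, pid, op, path, new_path=None):
    return {"ts": ts, "pid": pid, "op": op, "path": path, "new_path": new_path}


def build_sample_events(victim_count=30, ransom_pid=2956):
    """Constructed event stream: one encrypting process plus unrelated benign renames."""
    events, ts = [], 0.0
    for i in range(victim_count):
        src = f"C:\\Users\\Admin\\Documents\\report{i}.docx"
        tmp = src + ".tmp"
        # Stage ciphertext in a .tmp sibling, then rename it over the original
        # with the marker extension appended (matches the .tmp artefacts above).
        events.append(_event(ts, ransom_pid, "create", tmp))
        events.append(_event(ts + 0.01, ransom_pid, "rename", tmp, src + ".locked"))
        ts += 0.05
    # Benign process (hypothetical pid 1234): a plain rename and a single .bak append.
    events.append(_event(1.0, 1234, "rename", "C:\\Users\\Admin\\new.txt", "C:\\Users\\Admin\\notes.txt"))
    events.append(_event(1.5, 1234, "rename", "C:\\Users\\Admin\\a.log", "C:\\Users\\Admin\\a.log.bak"))
    return events


def added_extension(src, dst):
    """Return the suffix appended to src's base name, or None if this is not an append rename."""
    base = src[:-4] if src.lower().endswith(".tmp") else src  # tolerate the .tmp staging step
    if dst.startswith(base) and len(dst) > len(base) and dst[len(base)] == ".":
        return dst[len(base):]
    return None


def detect_mass_rename(events, threshold=20, window_s=60.0):
    """Alert per process that appends an extension to >= threshold files within window_s."""
    per_pid = defaultdict(list)
    for ev in events:
        if ev["op"] != "rename":
            continue
        ext = added_extension(ev["path"], ev["new_path"])
        if ext:
            per_pid[ev["pid"]].append((ev["ts"], ext, ev["new_path"]))
    alerts = []
    for pid, hits in per_pid.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                ext, _ = Counter(h[1] for h in hits[start:end + 1]).most_common(1)[0]
                alerts.append({
                    "pid": pid,
                    "count": len(hits),
                    "extension": ext,
                    "sample_paths": [h[2] for h in hits[:3]],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(build_sample_events()):
        print(f"pid {alert['pid']} appended {alert['extension']} to {alert['count']} files, e.g. {alert['sample_paths'][0]}")
```

The threshold and window are tuning knobs: a backup or archiving tool also appends extensions, but rarely to thousands of files in a minute from one process. The sandbox's count of 3677 here is well past any sensible threshold, and the alert's sample paths give the triager the marker extension to search for on other hosts.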