Analysis

  • max time kernel
    150s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 01:08

General

  • Target

    a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe

  • Size

    65KB

  • MD5

    63fcb62e044ba8aae40c23ca1a1f7ca1

  • SHA1

    8f6c51522febb87cf7eef5187767cb472de60378

  • SHA256

    a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c

  • SHA512

    43eecb8cf79a64b8f020caede32da9767cedc98b46929a97f19ffda6fe6ace619a56a0e559600f72e2cc09a6936ed6475b562a378ee76ee5728493cb4be56bc6

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5n2o:+nyi4Mh2o

Score
9/10

Malware Config

Signatures

  • Renames multiple (5091) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point): 4 IoCs
  • UPX packed file: 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory: 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe
    "C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2700

Network

MITRE ATT&CK Matrix

Downloads

        • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

          Filesize

          65KB

          MD5

          7b79dd8055cff722037c021a990ce7fb

          SHA1

          1955740a7bf4167e7005da8f37899f0490a76adc

          SHA256

          848fb2df0e13818fe290b1eb3e66b2529cce75727fee64f2560a1cec4be7bade

          SHA512

          e81b897949b4cd5d0dd303d146fc62b6873f2fcc01e92c559a19ff1ed276ddfcd3d7d932b46d8984169ab72930ca3b7a915db4d684a3fa48db091d7e36ace106

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          164KB

          MD5

          22cf4e6f65e5a689b6d6d586c3c3545a

          SHA1

          8f4631aa1c8f70e7b44d43f58172f2f551194e06

          SHA256

          5d962778069431c8b471c83efb12f162711dc6a8d2949db50aa1188dd810a4af

          SHA512

          9e087fa3d35830ee80b57b393f13726f2ead91d0060f71e0cd12ae7cc3a072b72038c1f6a459a1efe1499af69600b6864b2da675fa736ea5469168bef8f2592f

        • memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2700-1778-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB