Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 04:46

General

  • Target

    fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe

  • Size

    81KB

  • MD5

    218bc73ae39bb68cbc38bbc4dcd7172d

  • SHA1

    0509bbd0e36541e67e7a8b85ede8be194197fec5

  • SHA256

    fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6

  • SHA512

    450b9e5004ce5da277c34eca428f25f27d141c9918895af82d547618c5d9d74a40c40351e906089b4da810a21876a7cd98a2ec5ff9be777e7dd73100f75966b0

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhb:6pWpUFpEhLfyBtPf50FWkFpPDze/qFse

Score
9/10

Malware Config

Signatures

  • Renames multiple (3456) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and marking each one with a new extension.

  • Drops file in Program Files directory (64 IoCs)
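As an added illustration of the first signature above (this is not part of the sandbox report and not code from the sample), the Python below implements the check that signature describes: group file rename events by process and by the extension appended to the original name, then flag a process that appends the same extension to many files across several directories. Everything in it is constructed: the PIDs, paths and the `.locked` extension are made up, and the report does not say which extension this sample appends. Real input would come from a file-system monitor such as procmon or an ETW file I/O trace.

```python
"""Detect mass renames that append a new extension to existing filenames.

Constructed example: the events below are invented and are not taken from the
sandbox run in this report.
"""
from collections import Counter, defaultdict
import ntpath

# Constructed rename events: (pid, old_path, new_path).
# PID 4000 behaves like a file-encrypting process; PID 1204 performs benign renames.
SAMPLE_EVENTS = [
    (4000, r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (4000, r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.locked"),
    (4000, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (4000, r"C:\MSOCache\All Users\setup.xml", r"C:\MSOCache\All Users\setup.xml.locked"),
    (1204, r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_v2.docx"),
    (1204, r"C:\Users\Admin\Downloads\installer.exe.part", r"C:\Users\Admin\Downloads\installer.exe"),
]


def appended_extension(old_path, new_path):
    """Return the suffix that was appended if new_path is old_path plus one
    extra '.<ext>' component in the same directory; otherwise return None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    # A move to another directory is not the pattern we are looking for.
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if not new_name.startswith(old_name + "."):
        return None
    ext = new_name[len(old_name):]
    # Require exactly one added component of plausible length (".locked", not ".a.b" or a 40-char blob).
    if ext.count(".") != 1 or len(ext) < 2 or len(ext) > 16:
        return None
    return ext


def detect_mass_extension_rename(events, threshold=3):
    """Count appended-extension renames per (pid, ext) and return the groups
    that reach the threshold, with the number of distinct source directories.
    Spread across directories separates encryption from a single-folder batch rename."""
    counts = Counter()
    dirs = defaultdict(set)
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        counts[(pid, ext)] += 1
        dirs[(pid, ext)].add(ntpath.normcase(ntpath.dirname(old)))
    return {
        key: {"renamed": n, "directories": len(dirs[key])}
        for key, n in counts.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for (pid, ext), info in detect_mass_extension_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid} appended {ext!r} to {info['renamed']} files "
              f"across {info['directories']} directories")
```

The threshold of three is deliberately low for the constructed data; the report's figure of 3456 renamed files is orders of magnitude above anything a benign process produces in a two-minute run, so in production the threshold can be set high and paired with a rate (renames per second) to cut false positives from backup or sync tools.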

Processes

  • C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe
    "C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe"
    • Drops file in Program Files directory
    PID: 2932

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

          Filesize

          81KB

          MD5

          5d87e3913ac2e848bfa1a5dbf3dbd201

          SHA1

          941e145b98268689a366a963ef271eb35a6f60c8

          SHA256

          6b6f025e7bdcae81dad5d7c6a785c66f41e303d4eb3edb40db4f384f945c5c9b

          SHA512

          84de4622b7dce1ef4fabff1201252ead061fc0e4a648bcf7d4d7d15f5b101a2fc6bc8da850559ff89243ed154421ede4583f41febd9a1a414d92ca6318f10666

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          90KB

          MD5

          e4d34128971cb7a8cb75bc23cc3d0663

          SHA1

          9748796afb8d12591b8d80bea7ea152a9e2fd62d

          SHA256

          81b6a4753d4524245df0836ab7438311e7b682b8f7572b9adb2d32fa6de64c08

          SHA512

          a7d1a5ac51082f1cc8265ab83e56f53c585596b4f954be85378188d14ec7d2c9adca4d758f04a684504855bf4692dff9da582b79fa2c66bb29b273fc4942b2e2