Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 02/06/2024, 04:46

General

  • Target: fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe
  • Size: 81KB
  • MD5: 218bc73ae39bb68cbc38bbc4dcd7172d
  • SHA1: 0509bbd0e36541e67e7a8b85ede8be194197fec5
  • SHA256: fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6
  • SHA512: 450b9e5004ce5da277c34eca428f25f27d141c9918895af82d547618c5d9d74a40c40351e906089b4da810a21876a7cd98a2ec5ff9be777e7dd73100f75966b0
  • SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhb:6pWpUFpEhLfyBtPf50FWkFpPDze/qFse

Score
9/10

Signatures

  • Renames multiple (5031) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe
    "C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe"
    PID: 4116
    • Drops file in Program Files directory

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize: 81KB
    MD5: a5d5bfdccd0e70191b01bc594f6ca59f
    SHA1: 8b29bf2568e1ed1121056f8acc0bf212ccfa60b0
    SHA256: 58b6279e1d3681990ff80334e433b684f0311e88b0ea34a1d84d3d5c35cd0faf
    SHA512: 2565da34993de7d2b40daa32a96ed8101fbe1b964828eb68494b379ad8d7f6737734088a4657fad67e36d0a3f8ac0e5fa4215302b7359e5a01da4beb5347fc30

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 180KB
    MD5: bc595b1cc123e0eb3a3328bdb8504cbc
    SHA1: dd08c565feab68ca479acc53e52c8782b8bbd957
    SHA256: 934b122f398b21c74086b5667cc4bd59d292eb2581711f8113f854fbf6cb5c7a
    SHA512: 04dcdeb2d110702e3125dc4a5fffc50b03a425ef5e83028158947e2dfba482a67d9acbad3362bcfb7a0f3e66a71c1c11d200378b40338c5f3288fbb90de6b73e