Overview

overview

9

Static

static

3

fa1864ef0a...d1.exe

windows7-x64

9

fa1864ef0a...d1.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 05:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe

  • Size

    30KB

  • MD5

    8cce8e156fb7b128ba7fcaa766a1db4a

  • SHA1

    36f5433f88615b578614142a2fffd07e75a09de1

  • SHA256

    fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1

  • SHA512

    7c5d8a457d64253208693bb1891e9847bfafa577830b4537e82c79179982dbe47eace33774d2bd99f11af9ad23fb0cae7c5cc4df5b5b8de6fd8829359a3bfd37

  • SSDEEP

    192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6GW3tl:GBt7Br5xjL9AgA71FbhvuNBN8

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5193) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
    "C:\Users\Admin\AppData\Local\Temp\fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3968

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
          Filesize

          31KB

          MD5

          1ac88aef1ed8ac6335488886c2a421b0

          SHA1

          11a4c44b3c5e89abf46ea5d652f41a7e7c0a150a

          SHA256

          6a07d0029211bd812b9ff537337370cf4a46f8d184c0504fb0c31a61cc284eda

          SHA512

          3b8b3f41d950ccbc86cf172de20840f7517a1e866b187ddc3c1c9dc5b5a8f9ee8b0c19a10e266f1db0bb8f86d04a1464c1c6f5762b38c3ef7f0d06b559de743b

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          129KB

          MD5

          69311168c7d1149a7f1a86924b7d6881

          SHA1

          6588eef2b3d9b831c7f913cf8a6c314c267f1caf

          SHA256

          1aea8d204e6360e0fbaf595df76400356c2ad6e0246b869cf27db8450fd544d4

          SHA512

          b373496324ba3146d6536432cb8a9bb9794f09940fda7c8e9bda50ae86a2466cd82c5d3b7cbba300cb6f0989ff357a9a510596a5818dfdc06377c04385657453

          Download Submit