Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 01:47

General

  • Target

    1b36162ad762d667dc8d71b1c31aed40.exe

  • Size

    31KB

  • MD5

    1b36162ad762d667dc8d71b1c31aed40

  • SHA1

    d1f4085b24722705c76c251dd02d7d0915c21941

  • SHA256

    d1c54c2b333100d19458d0fb2f37f20c1199e3200a4e535e4f7ae0439b325b95

  • SHA512

    ba648d89b4bd3b7d062830c53746bfd537ac3151ce65095d81ce7580eeebd827f14df4747752c79d3b71b6403514cf68a5707c8ee153a80d844c52a221920aa4

  • SSDEEP

    192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6GDb0jKS5b0jKS/:GBt7Br5xjL9AgA71FbhvuNBNz6Y

Score
9/10

Malware Config

Signatures

  • Renames multiple (3845) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe
    "C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe"
    • Drops file in Program Files directory
    PID:2184

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

          Filesize

          32KB

          MD5

          e640b3c7c41ea4c91cb8e7bdbf83a22e

          SHA1

          35e559e71a4f3607ef5475f5004335c00fbd1f0f

          SHA256

          cd8700c925047647f40e656b717354274da891d78d41d2ee540b2c3dde57854f

          SHA512

          297e344abded2143ff4db8c85e650e452f7d5412564d09c7cd6500c4f08fd834eb637e4415834556b5de1234031ad4f9770ccd5e76b76b60553be547f8d75b62

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          41KB

          MD5

          777b1ce61784eaa32ae68854b364e3df

          SHA1

          f81ca847223edaf3b554336c6f06987f009d7f37

          SHA256

          b85fbede67a8778a690738d4f852b033b3c7cca22e85f2d918a78c5db3b1b37b

          SHA512

          3a258fad744a26dd58a7d5fe21ee63b9d8a086237a4bde69de6155769cb772d9449b3d93a75815587e4fda1186dd80a2e6e1f1886d34b9f37789a3ae4c199b34