Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    08/06/2024, 01:47

General

  • Target

    1b36162ad762d667dc8d71b1c31aed40.exe

  • Size

    31KB

  • MD5

    1b36162ad762d667dc8d71b1c31aed40

  • SHA1

    d1f4085b24722705c76c251dd02d7d0915c21941

  • SHA256

    d1c54c2b333100d19458d0fb2f37f20c1199e3200a4e535e4f7ae0439b325b95

  • SHA512

    ba648d89b4bd3b7d062830c53746bfd537ac3151ce65095d81ce7580eeebd827f14df4747752c79d3b71b6403514cf68a5707c8ee153a80d844c52a221920aa4

  • SSDEEP

    192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6GDb0jKS5b0jKS/:GBt7Br5xjL9AgA71FbhvuNBNz6Y

Score
9/10

Malware Config

Signatures

  • Renames multiple (5199) files with added filename extension

    A single process renaming thousands of files by appending an extension is characteristic of ransomware encrypting files across the system. The dropped files listed under Downloads below carry a .tmp suffix appended to their original names (desktop.ini.tmp, 7-zip.dll.tmp).

  • Drops file in Program Files directory 64 IoCs
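
The mass-rename signature above is the kind of behaviour a file-monitor rule can catch generically. The following Python detector is an added example, not part of the sandbox report or its tooling: it consumes (old path, new path) rename events such as a sandbox trace or an EDR file monitor would emit, counts renames where the new name is exactly the old name plus one appended extension, and alerts when one extension crosses a threshold, reporting how many distinct directories were touched. The event list is constructed (it reuses the two dropped-file paths from this report and pads them with made-up names), and the threshold of 50 is an assumption; the report's own signature fired on 5199 renames.

```python
"""Detect mass file renames that append an extension, as a ransomware heuristic.

Added example, not part of the sandbox report. Input is a list of
(old_path, new_path) rename events as a sandbox trace or an EDR file monitor
would emit. The sample events below are constructed; the threshold is an
assumption.
"""
import ntpath  # Windows path semantics regardless of the host OS
from collections import Counter, defaultdict


def appended_extension(old_path, new_path):
    """Return the extension appended to old_path to produce new_path, or None.

    Matches only the exact pattern "<dir>\\<name>" -> "<dir>\\<name>.<ext>"
    with a single extra extension and no directory change, so ordinary
    renames (report.docx -> report_final.docx) and moves are ignored.
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if not new_name.startswith(old_name + "."):
        return None
    ext = new_name[len(old_name) + 1:]
    if not ext or "." in ext:
        return None
    return ext.lower()


def detect_mass_rename(events, threshold=50):
    """Group appended-extension renames by extension.

    Returns {ext: {"files": n, "directories": d}} for every extension that
    was appended to at least `threshold` files; d is the number of distinct
    directories touched, which helps separate a system-wide encryptor from a
    tool rewriting files in one folder.
    """
    files = Counter()
    dirs = defaultdict(set)
    for old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext is None:
            continue
        files[ext] += 1
        dirs[ext].add(ntpath.normcase(ntpath.dirname(new_path)))
    return {
        ext: {"files": n, "directories": len(dirs[ext])}
        for ext, n in files.items()
        if n >= threshold
    }


def constructed_events():
    """Constructed sample: the two dropped-file paths from this report plus
    generated filler and a few benign renames that must not count."""
    recycle = r"C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000"
    events = [
        (ntpath.join(recycle, "desktop.ini"), ntpath.join(recycle, "desktop.ini.tmp")),
        (r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    ]
    roots = [recycle, r"C:\Program Files\7-Zip", r"C:\Users\Admin\Documents"]
    for i in range(60):  # made-up names standing in for the bulk of the run
        root = roots[i % len(roots)]
        name = "file%d.dat" % i
        events.append((ntpath.join(root, name), ntpath.join(root, name + ".tmp")))
    events += [
        # Ordinary rename: name changed, nothing appended.
        (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_final.docx"),
        # Single backup copy: appended extension, but only one file.
        (r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.bak"),
        # Move to another directory: not an in-place rename.
        (r"C:\Temp\a.log", r"C:\Other\a.log.tmp"),
    ]
    return events


if __name__ == "__main__":
    for ext, info in detect_mass_rename(constructed_events()).items():
        print("mass rename: .%s appended to %d files in %d directories"
              % (ext, info["files"], info["directories"]))
```

On the constructed sample only the .tmp extension trips the threshold (62 files across 3 directories); the single .bak backup and the ordinary rename are ignored. In a real deployment the threshold should be tuned per environment and the rule paired with the process identity, since installers and backup tools also rename files in bulk.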

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe
    "C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4952

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

          Filesize

          32KB

          MD5

          ac46620fb64c6a36107d42b3fd21d2f6

          SHA1

          70d28df64426a04b1e874cd4b064a73822d45bca

          SHA256

          1cc7335e4cef356cd86a03fef8cc00de5efba69b1b3e3447b15de5f16612af12

          SHA512

          e2c955b749ceaf773d42dab6db4b2e56651ffe61a96d6394f07816a56fc5bc3bb2ed7663616aacdcb7886169672e1ae2d2a8e10c8f191a56f7cd984d938ff26a

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          131KB

          MD5

          2d6e7d0a216c802c6c61fa0a880e31bf

          SHA1

          3e371528828bf15c1392d0ca0b79037360ba9883

          SHA256

          73c9aa52748f9f3aa7764c015e5446913c00ff5898cfb39739ac53334634d8ad

          SHA512

          ef0dc4f4c1048faa299847541d2be8054413b169be0c8720f3a21e779f9c6c41677a1dda856cfbb1a795e2ece0239d95f97c1392d69abfb623fea43662418273