Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 01:25

General

  • Target

    1a3c6568eaac319a0c3f0527f2095860.exe

  • Size

    72KB

  • MD5

    1a3c6568eaac319a0c3f0527f2095860

  • SHA1

    3208e6766e67894a0feafbf96a0b138d58f50f0e

  • SHA256

    e0e1b01f07c3bb5670683a2d7c73f28f0585834c3b2907b7b0498af762125783

  • SHA512

    f658536cbccd556b25ab5c4dc30e0ce79057fc44cbb0b42033199bb9b861121dd3eff93e0ede47f801e6df64f029869ba4c0181cb4baccc92cbbd1590f2d088a

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhh:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsA

Score
9/10

Malware Config

Signatures

  • Renames multiple (3690) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe"
    • Drops file in Program Files directory
    PID: 2236

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

          Filesize

          72KB

          MD5

          78724dad9a56973e3d2aefd1922280f6

          SHA1

          af4eccfaed429b2f1f338ef3ffbc87689d6e80a8

          SHA256

          3b60457dba74d5405f1deb476084153733652653bf35ae82366e9b08e085069b

          SHA512

          572c87004f5299d64a4a5e1100d709dfaa6cd2e6b1f343b936ed85321cc1532872c8e7397e4197235d2e53c9a31146416b2f9150bb4bcb0a03e097f1274479a9

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          81KB

          MD5

          519b9da5513896afe6e9b652d76d8e72

          SHA1

          ed15d0e9a2b09dd93faa1d425b3fba5ec5b15630

          SHA256

          e24b53ae35437c7e4de9099a53fdd5c6f091ce887ca9233f9db10228a9d636de

          SHA512

          5bcac4ba3ac43a4b439501d74e576f9f05ca6fdd93c775157c58fe4e67861556db3d9c9d3ad8a28ffb9fe321e957e4e6d013cb2c9ca4e8a4c350854eff2ab7be