Analysis

  • max time kernel
    149s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 01:25

General

  • Target

    1a3c6568eaac319a0c3f0527f2095860.exe

  • Size

    72KB

  • MD5

    1a3c6568eaac319a0c3f0527f2095860

  • SHA1

    3208e6766e67894a0feafbf96a0b138d58f50f0e

  • SHA256

    e0e1b01f07c3bb5670683a2d7c73f28f0585834c3b2907b7b0498af762125783

  • SHA512

    f658536cbccd556b25ab5c4dc30e0ce79057fc44cbb0b42033199bb9b861121dd3eff93e0ede47f801e6df64f029869ba4c0181cb4baccc92cbbd1590f2d088a

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhh:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsA

Score
9/10

Malware Config

Signatures

  • Renames multiple (5181) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe
    "C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1168

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    68146c78618ab82c615374125be7782e

    SHA1

    11660177dbb00a44d3de11abf0b4a79369d68fae

    SHA256

    b084d851b47c4ebc10218e1cc8ac231b10fb5dd40ea8b423ce23a366d6708ddf

    SHA512

    ebca48f62c4565cdbe5021b5c8a742f900785c95e8956ee234fa1f6c40b0e7b3cbcdcaab80cda7382969f9980c8aa0836f8818ad8ccd9e8c04b4dac959857a67

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    171KB

    MD5

    b7e733559c62f2ea7900d331c68b05cb

    SHA1

    6eb15e4bcc733d8dfc891edbab7a73f5e16f03d0

    SHA256

    a4707b09fdf4bf70436ccce603b925a55faa0ee502eec7aee2ef95eca0b83ccb

    SHA512

    1e70372b24c31db01018b2465e509ffe4ce9e911780e43cef3bb10eda36bc03bc0a34241bb25542c089e34e1b2486af4108f90bd231f93b7130b24be21db755a