Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 01:54

General

  • Target
    1ba50dcb10db9275f3e0825385943680.exe
  • Size
    116KB
  • MD5
    1ba50dcb10db9275f3e0825385943680
  • SHA1
    144a934a6cac107d2498c2c8df15478c80aecc00
  • SHA256
    0c8b0a51a90659ff50855c4e4fbd5e99c9e8e253be2539bdb2023121d659f436
  • SHA512
    378a1d70858ca4f15786d6044c260360d9dfcfaaab5e33be9d35b8cffb5f9ed3f037b7cb6303e5c201443ab447cdac4e96cb151f20f03d4e15f7dcdf6503b8e5
  • SSDEEP
    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfag4:hfAIuZAIuYSMjoqtMHfhfagPvY

Score
9/10

Malware Config

Signatures

  • Renames multiple (3441) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ba50dcb10db9275f3e0825385943680.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba50dcb10db9275f3e0825385943680.exe"
    PID:2232
    • Drops file in Program Files directory

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
          Filesize: 116KB
          MD5: 658311d5f841c9e977c7529737634140
          SHA1: f21f914c8786db5bc1d05d2dd12e1c10b8395762
          SHA256: a843773b7fa5e6b41c559ef6a8fc96b212293da895c4e4ff519a7ee349b2207c
          SHA512: 5c1cc97810c444b2413fe38a44d0cafa041cfd3e1976a81709bd0a4a8c8cc348c979e3637eaefe4a33723c9e60c33730c1298f75fc1df0a7dff0ba45e5152bac

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize: 125KB
          MD5: d19f18b09a5916587279a48924399630
          SHA1: a84729f5a75d0a1c3f2e4efc215f780d5cda8984
          SHA256: aa27e6f375e3f9cba75290f46252fe2e703d9694fb95c85beb37b0481409f195
          SHA512: e9bd71f786c44dcc2d95799bc20b511238d2284a99524ff39b1d44b1e55dcbcb028c78a6f94fe5ed1b0438439d2bafd85fb7f11e88acb9bcd6b6f58d3330eeab

        • memory/2232-0-0x0000000000400000-0x000000000040A000-memory.dmp
          Filesize: 40KB

        • memory/2232-86-0x0000000000400000-0x000000000040A000-memory.dmp
          Filesize: 40KB