Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 01:54

General

  • Target

    1ba50dcb10db9275f3e0825385943680.exe

  • Size

    116KB

  • MD5

    1ba50dcb10db9275f3e0825385943680

  • SHA1

    144a934a6cac107d2498c2c8df15478c80aecc00

  • SHA256

    0c8b0a51a90659ff50855c4e4fbd5e99c9e8e253be2539bdb2023121d659f436

  • SHA512

    378a1d70858ca4f15786d6044c260360d9dfcfaaab5e33be9d35b8cffb5f9ed3f037b7cb6303e5c201443ab447cdac4e96cb151f20f03d4e15f7dcdf6503b8e5

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfag4:hfAIuZAIuYSMjoqtMHfhfagPvY

Score
9/10

Malware Config

Signatures

  • Renames multiple (4848) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with a new extension.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ba50dcb10db9275f3e0825385943680.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba50dcb10db9275f3e0825385943680.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1128
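The behaviour the report records, a single process renaming thousands of files with an added extension and dropping `.tmp` files beside existing ones, is the pattern a file-event detection should key on. The following is an added example and not part of the sandbox report. It runs a bulk-rename detector over constructed file-event telemetry in a tab-separated form assumed for this example (timestamp, pid, image, operation, path, new path); the `.locked` extension, process names, threshold and window are illustrative assumptions, and a real deployment would map its own file-system auditing source onto this format.

```python
"""Detect a process bulk-renaming files by appending an extension (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

RENAME_THRESHOLD = 20            # append-renames per process per window (assumption)
WINDOW = timedelta(seconds=60)   # sliding window length (assumption)


def added_extension(old: str, new: str):
    """Return the suffix appended to the file name, or None if the rename is
    not a plain 'same directory, same name plus suffix' rename."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if old_dir.lower() != new_dir.lower():
        return None
    if new_name.lower().startswith(old_name.lower()) and len(new_name) > len(old_name):
        return new_name[len(old_name):]
    return None


def parse_event(line: str) -> dict:
    """Parse one constructed tab-separated event line."""
    ts, pid, image, op, path, new_path = line.rstrip("\n").split("\t")
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid), "image": image,
            "op": op, "path": path, "new_path": new_path}


def detect_bulk_rename(lines, threshold=RENAME_THRESHOLD, window=WINDOW):
    """Return one alert per (pid, appended extension) that reaches `threshold`
    append-renames inside any `window`; alerts carry the directory spread."""
    stamps_by_key = defaultdict(list)     # (pid, ext) -> timestamps
    dirs_by_key = defaultdict(set)        # (pid, ext) -> directories touched
    image_by_pid = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["op"] != "rename":
            continue
        ext = added_extension(ev["path"], ev["new_path"])
        if ext is None:
            continue
        key = (ev["pid"], ext.lower())
        stamps_by_key[key].append(ev["ts"])
        dirs_by_key[key].add(ntpath.dirname(ev["path"]).lower())
        image_by_pid[ev["pid"]] = ev["image"]
    alerts = []
    for (pid, ext), stamps in stamps_by_key.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"pid": pid, "image": image_by_pid[pid], "extension": ext,
                               "renames": len(stamps), "directories": len(dirs_by_key[(pid, ext)])})
                break
    return alerts


def sample_events():
    """Constructed telemetry (not from the report): one process appends
    .locked to 25 files across three directories within 25 seconds, plus one
    benign rename by another process."""
    base = datetime(2024, 6, 8, 1, 55, 0)
    folders = [r"C:\Users\Admin\Documents", r"C:\Program Files\7-Zip", r"C:\Users\Admin\Pictures"]
    lines = []
    for i in range(25):
        path = f"{folders[i % 3]}\\file{i}.txt"
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()}\t1128\t"
                     f"C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe\trename\t{path}\t{path}.locked")
    lines.append(f"{base.isoformat()}\t4321\tC:\\Windows\\explorer.exe\trename\t"
                 f"C:\\Users\\Admin\\Desktop\\a.txt\tC:\\Users\\Admin\\Desktop\\b.txt")
    return lines


if __name__ == "__main__":
    for alert in detect_bulk_rename(sample_events()):
        print(alert)
```

Keying on (process, appended extension) rather than on the extension alone keeps a legitimate archiver or backup tool that adds `.bak` to a handful of files below threshold, while a single process touching many directories with one new suffix in a short window surfaces quickly; the directory count in the alert is what separates the two.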

Network


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

          Filesize

          116KB

          MD5

          e50e197f025b5e4bf998fb86a17fe7de

          SHA1

          3ad2b6b8b4a7845350ba835eeaf742bda58e60ef

          SHA256

          d1e58880a79c050a367078c70860e33199120d94838b5c840284c616c1f3235e

          SHA512

          c7a2df0ab5830870449f36392d2005b6c1815b7c948355c8645e606fc9fd8c5d2c40245ec9775ac14c05677a5ea4963aa0aa9efbbc55c70969501c84d55a73f1

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          215KB

          MD5

          83cac510e19bf375b7576d72e2bfce74

          SHA1

          74be48259a58beaf7518489ab857aae9620a1b49

          SHA256

          bdf36b1aa0e16dcae7238282627ec4856fd190b280d204dc12f6afaf95b6a6db

          SHA512

          032d358c46357200028f610badf9600a1e632fb284a5691706172a4f070bf8f6335e9ffcc2cc14406970e1b0ad051f3064dc64dbbb01bfca0347f6b6aae49dd8

        • memory/1128-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB