Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:01

General

  • Target

    1c31c15c9399d66984b53da16c2c2d30.exe

  • Size

    57KB

  • MD5

    1c31c15c9399d66984b53da16c2c2d30

  • SHA1

    fe64d929fada0db66a6ea8f615905546b604c010

  • SHA256

    b9d9397eaa009defc5d0e4c3730a633710976c9c1371f3fb3ca15aa1583b23db

  • SHA512

    9e1805e73b8fed40af6f9044d80ad1d29524b25fc7edc3361c3b844c909afd77e8c3065e3b7203f12c2fc66533fbf6611f0dbd291233900ec8eb48c2c099b871

  • SSDEEP

    192:tACUADIY0Br5xjL/VA7AgAQmP1oynLb22v:GBt7Br5xjL9A7AgA71Fbhv

Score
9/10

Malware Config

Signatures

  • Renames multiple (599) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)
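
The "renames multiple files with added filename extension" signature is a counting heuristic over file-rename events. The block below is an added example of that kind of check, written for this page; it is not the sandbox's own rule, and its threshold (50 distinct files) and the rename events it processes are constructed for illustration (the page does not state the extension the sample appends, so the sample events use a hypothetical `.locked`). It also shows the two benign patterns the check must not trip on: a `.tmp` being replaced by the final name, and a single editor backup with an added extension.

```python
"""Mass-rename heuristic in the spirit of the sandbox signature above.

Added example, not the sandbox's own detection logic. Input is a list of
(pid, old_path, new_path) rename events; output is the set of processes that
renamed many distinct files by appending an extension to the original name.
"""
from collections import defaultdict
import ntpath  # Windows path handling so the example runs on any host

# Assumption: the real signature's threshold is not published; 50 is illustrative.
RENAME_THRESHOLD = 50


def is_added_extension(old_path: str, new_path: str) -> bool:
    """True when new_path is old_path with one or more extensions appended.

    Requires the same directory and the full old file name as a prefix of the
    new name, so 'setup.tmp' -> 'setup.exe' (extension replaced) is not flagged.
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return False
    if not new_name.lower().startswith(old_name.lower()):
        return False
    suffix = new_name[len(old_name):]
    return suffix.startswith(".") and len(suffix) > 1


def mass_rename_offenders(events, threshold=RENAME_THRESHOLD):
    """Return {pid: (distinct_files_renamed, sorted_extensions_added)}.

    Only processes at or above the threshold are returned. Distinct original
    paths are counted so a file renamed twice is not double-counted.
    """
    files_per_pid = defaultdict(set)
    exts_per_pid = defaultdict(set)
    for pid, old_path, new_path in events:
        if is_added_extension(old_path, new_path):
            files_per_pid[pid].add(old_path.lower())
            exts_per_pid[pid].add(ntpath.splitext(new_path)[1].lower())
    return {
        pid: (len(files), sorted(exts_per_pid[pid]))
        for pid, files in files_per_pid.items()
        if len(files) >= threshold
    }


def build_sample_events():
    """Constructed rename events for a self-test; not taken from the report."""
    events = []
    # PID 2660 is the sample's PID in the report; the paths and the ".locked"
    # extension are hypothetical.
    for i in range(60):
        old = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append((2660, old, old + ".locked"))
    # Benign: an installer replacing its .tmp download with the final name.
    events.append((1234, r"C:\Users\Admin\Downloads\setup.tmp",
                   r"C:\Users\Admin\Downloads\setup.exe"))
    # Benign: a single editor backup with an added extension (below threshold).
    events.append((4321, r"C:\Users\Admin\Desktop\notes.txt",
                   r"C:\Users\Admin\Desktop\notes.txt.bak"))
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for pid, (count, exts) in mass_rename_offenders(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {count} files renamed with added extension(s) {exts}")
```

Run against real sandbox or EDR telemetry, the same function takes the rename events straight from the file-activity log; the count it reports for PID 2660 would then be the 599 the signature cites. Tuning note: a process that legitimately appends extensions in bulk (a backup agent writing `.bak`, an archiver writing `.zip` next to each file) will also cross the threshold, so in production the rule is paired with an allow-list of signed, known binaries rather than used on its own.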

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c31c15c9399d66984b53da16c2c2d30.exe
    "C:\Users\Admin\AppData\Local\Temp\1c31c15c9399d66984b53da16c2c2d30.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2660

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

          Filesize

          57KB

          MD5

          5f99e129ce7a44be0e366c539bc053d2

          SHA1

          1a1a7487f757a2d81129eec24c41ade42aab1c30

          SHA256

          a5321e279583ecdf4b1d481e419eb25e440109414cad1a4b610c4a6c9baa46ff

          SHA512

          fed3accec77accaa433d8aec5449c67d2848277ec17fd546468ba3b730a904f1d0bec933d751c75205067883e6a4e681b56b215ccbeb6250e0dceefa9a8f37ea

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          66KB

          MD5

          4a0b21d37c904e0dcdc64f35c8560c0f

          SHA1

          1a991b80d02a3c08011cca1080434591b18344f7

          SHA256

          edabcf2e19c788c38dc329f8936a08133f9060bc772dc7de3ecc960cec1ceade

          SHA512

          37395ff39442ec997f58b5c3a4afb95d253202aa5995ae2f2e85eb6882597f04f2a69df6293595ce58d0b8c39fecccf36da5f280009dd5e0dbfc5a6c44d7295a