Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 02:01

General

  • Target

    1c31c15c9399d66984b53da16c2c2d30.exe

  • Size

    57KB

  • MD5

    1c31c15c9399d66984b53da16c2c2d30

  • SHA1

    fe64d929fada0db66a6ea8f615905546b604c010

  • SHA256

    b9d9397eaa009defc5d0e4c3730a633710976c9c1371f3fb3ca15aa1583b23db

  • SHA512

    9e1805e73b8fed40af6f9044d80ad1d29524b25fc7edc3361c3b844c909afd77e8c3065e3b7203f12c2fc66533fbf6611f0dbd291233900ec8eb48c2c099b871

  • SSDEEP

    192:tACUADIY0Br5xjL/VA7AgAQmP1oynLb22v:GBt7Br5xjL9A7AgA71Fbhv

Score
9/10

Malware Config

Signatures

  • Renames multiple (5193) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c31c15c9399d66984b53da16c2c2d30.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1c31c15c9399d66984b53da16c2c2d30.exe"
    PID: 856
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

    Filesize
    57KB

    MD5
    2794fb7096cc354f09c58115b791dbd8

    SHA1
    552bf5ebfdb34c726394ab78dc083af07250568e

    SHA256
    3cc5ecbf24d88be8e7fb3ba5e96c7ded1648af6c5a0f01848dfb0c5f7fe666bd

    SHA512
    13222ee606fc936903f43bf901fe2840f49c1f8602369590ee50d4c58a58276d7aa0d61ae0bc7a4f7476ab6adc41b16a05b87efdbbfe837f92fe8629d1a3929b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    156KB

    MD5
    a81d3f36d4ad74868e56b49b50cf6041

    SHA1
    4ed188a83f649d8c4c1f3e28672c09439893f98b

    SHA256
    95595b1ed36483d2d4efaf7474ada7dfb2f48c03416e96d2ee951f9489d2fb17

    SHA512
    8938ae7023fe97f292be62b0661e3b2c6f6640ed9e1260022f17bcbb48570616937b841386e263481a88ec3cc0c4446b9c0ae4d01e5decb65f59759439e61c08