Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:16

General

  • Target

    1d4dac3e90b40b91d0184fa4f6823540.exe

  • Size

    81KB

  • MD5

    1d4dac3e90b40b91d0184fa4f6823540

  • SHA1

    513e5f69de8d99054153ffb0c679a64a0f2e2e19

  • SHA256

    4bf897677e2e9dfd45bb61bc33f503afb53f8edbf7b17bbdf7060ecb8bc3aee8

  • SHA512

    2b0461d5b700dd0899a2d67a1f6b8bbcf112da47c5595a5b14ab2a916b2113f818fd852b33984643db629ff11d6ad88d8aec159b6d057d8427cb0d8ff5c80968

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8A:6DWpwE7oL2e+efZwZ08i8A

Score
9/10

Malware Config

Signatures

  • Renames multiple (3516) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and renamed.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe
    "C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe"
    • Drops file in Program Files directory
    PID:2864

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

    Filesize: 82KB
    MD5: 17a92d5405c73a285d3fb1d1c5d9556c
    SHA1: d61451de495514dd9047ecc98143c497dc0504a7
    SHA256: 256ac31f04a501145d798fe5870ba452edff961ddcaf0c835682b5fe8d3c6952
    SHA512: b227e6808398aa9926a91b26c91f71568821c6fcdac6a6f807ada7f48dd90ce1c37f70dc0051183cd9f51d572165d82ce4b22606c655d9a906db57a9cce11c07

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 91KB
    MD5: 2e3a55799bb339bd67110e9e9dddc785
    SHA1: ac74ef2989f112309cfc0172a2a64f5f5c1a1c8b
    SHA256: 5135375abb79670a25510b6f9ceb2afd5c56b3a7e2a247e07ecc7de286822dd7
    SHA512: 4c1fd371fea1a4c6a837d2eebe2a8081d41ff8378ff97822ae2613a939b2f755ae3259d06fc543ec8b9420045e842b2ca130a8e8893ff90d313f037c9f0a709d