Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 02:16

General

  • Target

    1d4dac3e90b40b91d0184fa4f6823540.exe

  • Size

    81KB

  • MD5

    1d4dac3e90b40b91d0184fa4f6823540

  • SHA1

    513e5f69de8d99054153ffb0c679a64a0f2e2e19

  • SHA256

    4bf897677e2e9dfd45bb61bc33f503afb53f8edbf7b17bbdf7060ecb8bc3aee8

  • SHA512

    2b0461d5b700dd0899a2d67a1f6b8bbcf112da47c5595a5b14ab2a916b2113f818fd852b33984643db629ff11d6ad88d8aec159b6d057d8427cb0d8ff5c80968

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8A:6DWpwE7oL2e+efZwZ08i8A

Score
9/10

Malware Config

Signatures

  • Renames multiple (5188) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe
    "C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2568

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    f8ef73eefe8249d9dee65435b313686f

    SHA1

    31b84fa3b4a967570a83d44c608c712001b1b2ae

    SHA256

    2cb78087e678b95da874814192d03a75734b7aebb8c82f173920f0c16445305f

    SHA512

    77b08c65dde6c4a0edbcf5cfef5012759f9ffce4eccd00081bc565eedc3a6194a694aba7e4c6191cdac9bdc70dd9193c91f6fb8fac5bb43f5b2400444ac9c7e3

  • C:\Program Files\7-Zip\7-zip.dll.exe

    Filesize

    180KB

    MD5

    6011c39eed9f4f3a0112c24f2e50558d

    SHA1

    2869a9ed6363cff42a1a72ec89f0da19596af724

    SHA256

    4e6d1049c4ed9e579a0fab8ad88c520f5ec09b36129e4411dce8e0e7520a83cd

    SHA512

    18f5aeb8923160d4429864923f88359a5a8985eff9b05434d3eacbb0619d929609d0204d55414d53bfea50ba1164f3b055a52bd4366b2d83aaa4f4f840ac1ea0