Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 02:22

General

  • Target

    1da29816344769cb31f81ce81b21c2f0.exe

  • Size

    47KB

  • MD5

    1da29816344769cb31f81ce81b21c2f0

  • SHA1

    9ab48c5e4e54de02ac4e7c93a3a6a9021e466f58

  • SHA256

    01a8b2aa513ffb0627914ee65f22b6944b46c439e7a2d38589ec0fb433327f69

  • SHA512

    4afcae755c86debaf801e870fea0199f123c070abaf76b91cc3bb956f1075ed7bbb38bb11ef8a2c679b9d0b8dc886cf5bc31d681d0d7bfafa6fed94c7ebd7bed

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcB:/7ZQpApze+eJfFpsJOfFpsJA

Score
9/10

Malware Config

Signatures

  • Renames multiple (3733) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe
    "C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe"
    • Drops file in Program Files directory
    PID:2372

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          89a578ca1e746ff438d2428eed7d22ed

          SHA1

          e9eedf977cf01da7e588aa638e5b15c8278a6e8d

          SHA256

          ba0d1103f2a4efe9a8cc4dacbcc4961c522718b3dbe83541ece5673f59aa175b

          SHA512

          4761c947dc9772df34029ad6ce368f775701ad4314e730552ca6d9ef98a8f0cea0d7f60fcaeda1be0547990dba5489b72f11492260c82e51eceb9175fc65c87f

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          56KB

          MD5

          b46306702466e5d257b19685e8d0cf72

          SHA1

          5612f62b815a7d3921a11a61d772cb2a5fe72340

          SHA256

          aad0d42534cfe9c2db246715a800c4b5d2be94e3cf49dd8baaec9a5fa9a39ef9

          SHA512

          2c5032f22f82c1afadf87ed6b1e5a514deb2168690a1843ba7e40e682d333ff82d413bf66a4fb654ca428d217b30389b4ee70a4e094d38076a9f12125b1e7dc4

        • memory/2372-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2372-640-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB