Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 02:22

General

  • Target

    1da29816344769cb31f81ce81b21c2f0.exe

  • Size

    47KB

  • MD5

    1da29816344769cb31f81ce81b21c2f0

  • SHA1

    9ab48c5e4e54de02ac4e7c93a3a6a9021e466f58

  • SHA256

    01a8b2aa513ffb0627914ee65f22b6944b46c439e7a2d38589ec0fb433327f69

  • SHA512

    4afcae755c86debaf801e870fea0199f123c070abaf76b91cc3bb956f1075ed7bbb38bb11ef8a2c679b9d0b8dc886cf5bc31d681d0d7bfafa6fed94c7ebd7bed

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcB:/7ZQpApze+eJfFpsJOfFpsJA

Score
9/10

Malware Config

Signatures

  • Renames multiple (5303) files with added filename extension

    Mass renaming of user files by a single process, each with an extra extension appended, is consistent with ransomware encrypting files across the system.

  • Drops file in Program Files directory (64 IoCs)
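
The two signatures above describe behaviour a defender can check for directly: a single PID renaming many files by appending an extension, and known-bad file hashes. The following script, an added example that is not part of the sandbox report, implements both checks. The rename events it runs on are constructed sample data (a hypothetical `SAMPLE_EVENTS` list of `(pid, old_path, new_path)` tuples); the SHA256 values are copied from the report. The threshold of 100 renames is an assumption chosen for illustration, not a value from the report.

```python
import hashlib
import ntpath
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# SHA256 IoCs copied from the report: the sample and two of the dropped .tmp files.
KNOWN_SHA256 = {
    "01a8b2aa513ffb0627914ee65f22b6944b46c439e7a2d38589ec0fb433327f69": "1da29816344769cb31f81ce81b21c2f0.exe",
    "eb835f80831939867e57b9c7722fe73a84704c984770d4233cdd06b68c6f0ac3": "desktop.ini.tmp",
    "5b3481b327675001690004f7b8a6343ce5e2042f6c634bf04560f6c968e053f3": "7-zip.dll.tmp",
}


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA256 of an in-memory file image."""
    return hashlib.sha256(data).hexdigest()


def match_ioc(data: bytes) -> Optional[str]:
    """Return the IoC name if the file content matches a known hash, else None."""
    return KNOWN_SHA256.get(sha256_of_bytes(data))


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the appended extension when `new` is `old` plus exactly one '.ext'
    in the same directory (e.g. 7-zip.dll -> 7-zip.dll.tmp), else None.
    ntpath is used so Windows paths split correctly on any host."""
    if ntpath.dirname(old) != ntpath.dirname(new):
        return None
    old_base = ntpath.basename(old)
    new_base = ntpath.basename(new)
    if not new_base.startswith(old_base + "."):
        return None
    ext = new_base[len(old_base) + 1:]
    if not ext or "." in ext or "\\" in ext:
        return None
    return ext


def rename_burst(events: Iterable[Tuple[int, str, str]],
                 threshold: int = 100) -> Dict[int, Counter]:
    """Group append-extension renames per PID and return only the PIDs whose
    total meets the threshold, each mapped to a Counter of appended extensions.
    Renames that change the name in any other way are ignored as benign noise."""
    per_pid: Dict[int, Counter] = {}
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        per_pid.setdefault(pid, Counter())[ext] += 1
    return {pid: c for pid, c in per_pid.items() if sum(c.values()) >= threshold}


# Constructed sample telemetry (hypothetical, not from the report): PID 2956
# appends ".tmp" to 120 user documents, while PID 1234 performs a few ordinary
# renames that should not trip the detector.
SAMPLE_EVENTS = [
    (2956, r"C:\Users\Admin\Documents\doc%d.txt" % i,
           r"C:\Users\Admin\Documents\doc%d.txt.tmp" % i)
    for i in range(120)
] + [
    (1234, r"C:\Users\Admin\a.txt", r"C:\Users\Admin\b.txt"),          # plain rename
    (1234, r"C:\Users\Admin\c.txt", r"C:\Users\Admin\c.txt.bak"),      # one appended ext
    (1234, r"C:\Users\Admin\d.txt", r"C:\Users\Admin\old\d.txt.bak"),  # moved: ignored
]


if __name__ == "__main__":
    for pid, exts in rename_burst(SAMPLE_EVENTS).items():
        print("PID %d: %d append-extension renames %s" % (pid, sum(exts.values()), dict(exts)))
    print("empty file matches IoC:", match_ioc(b""))
```

The detector keys on the rename pattern rather than on the `.tmp` string, because the report only shows `.tmp` staging files in Program Files and the Recycle Bin and does not state which extension ends up on the 5303 renamed user files; a rule hard-coded to `.tmp` would miss the final names and would also fire on legitimate installers. Hash matching is only useful for this exact build; the memory dumps at 0x400000 show the same 32KB image before and after the rename loop, so a repacked variant would need a behavioural rule like `rename_burst` to be caught.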

Processes

  • C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe
    "C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2956

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          deed24c118139c3c0baf740aa1c5418f

          SHA1

          101f205f462f5cb6f646c1f28ac4ca9c4b2f2cce

          SHA256

          eb835f80831939867e57b9c7722fe73a84704c984770d4233cdd06b68c6f0ac3

          SHA512

          3ae4ada66732bd87742206df0aa210c8ccc8e0ba2907e45e22493cb67329073b4079f80d44526fdd51771fb70c4dd8c9d16cd785bf6cd3a3fac0be8321771c0b

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          146KB

          MD5

          fbd0c6a6e907a43390aac6b2d77acd3c

          SHA1

          8dcc2c93f4999641eed1360f10ce6e28afc3e5fd

          SHA256

          5b3481b327675001690004f7b8a6343ce5e2042f6c634bf04560f6c968e053f3

          SHA512

          e4981ec3c5dc6c564f3898765f6b1f9db7514b7c55f4f07ce20063fba1f9a747588523b977348c697d7a076a339c236f7ed0e3bd36c09c76089102944aa93013

        • memory/2956-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2956-1982-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB