Analysis

  • max time kernel
    153s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 04:02

General

  • Target

    b9e7395823b4fba1a5df241416ca2620.exe

  • Size

    80KB

  • MD5

    b9e7395823b4fba1a5df241416ca2620

  • SHA1

    0c3eba96466523d1198b0eacbba9aa578321a791

  • SHA256

    d5d2b5b9b359f71c3b36d48da613b35d5550fe7df0a08f99367fe7a2e4c0c149

  • SHA512

    718d32ecf6217ea1bec96cee232700e80fa4b5d2cb45fa8b25d99198f463d92ef9fd27bb2bb05d6c3aace86e1032dfe73e50b01b4a483432ebd49aa4d10d134c

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxkqGUBM+PocOQOFPdMRAHAASnnD5D5K:+nyiQSojUBM+PocOQOFPdMRAHAASnnDa

Score
9/10

Malware Config

Signatures

  • Renames multiple (1394) files with added filename extension

    Renaming 1,394 files and appending an extension to each is consistent with ransomware encrypting the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory (64 IoCs)
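The UPX signature above is a static check on the executable. The following Python is an added example, not the sandbox's own detection logic, showing how to parse the PE section table and report the three indicators that usually survive in a UPX-packed binary: section names starting with UPX, a first section that occupies virtual memory but has no raw data (the region the stub unpacks into), and the UPX! magic string written by the packer. The build_pe helper constructs minimal PE32 images as test input; it is not the sample from this report. A modified UPX build can rename its sections and strip the magic, so the example requires two of the three indicators before calling the file packed, and a clean result is not proof that a file is unpacked.

```python
import struct
import sys

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def build_pe(sections, marker=False):
    """Construct a minimal PE32 image for testing (constructed input, not the report's sample).

    sections: list of (name_bytes, virtual_size, size_of_raw_data), names at most 8 bytes.
    """
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE signature at 0x40
    size_opt = 0xE0                                      # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    table = b""
    for name, vsize, rawsize in sections:
        hdr = bytearray(SECTION_HEADER_SIZE)
        hdr[0:8] = name.ljust(8, b"\0")
        struct.pack_into("<II", hdr, 8, vsize, 0)        # VirtualSize, VirtualAddress
        struct.pack_into("<I", hdr, 16, rawsize)          # SizeOfRawData
        table += bytes(hdr)
    tail = b"UPX!" + bytes(12) if marker else b""        # packer info block that real UPX emits
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + tail


def parse_sections(data):
    """Return [(name, virtual_size, size_of_raw_data), ...] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + COFF_HEADER_SIZE + size_opt
    out = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rawsize))
    return out


def upx_indicators(data):
    """Collect the three heuristics; each one can be defeated by a modified UPX build."""
    secs = parse_sections(data)
    names = [s[0] for s in secs]
    return {
        "sections": names,
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        # UPX0 is the empty destination region: non-zero VirtualSize, zero SizeOfRawData
        "empty_first_section": bool(secs) and secs[0][2] == 0 and secs[0][1] > 0,
        "upx_marker": b"UPX!" in data,
    }


def upx_score(data):
    ind = upx_indicators(data)
    return int(bool(ind["upx_sections"])) + int(ind["empty_first_section"]) + int(ind["upx_marker"])


def looks_upx_packed(data):
    """Two of three indicators: a single hit is too weak to call on its own."""
    return upx_score(data) >= 2


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print(upx_indicators(blob), "packed" if looks_upx_packed(blob) else "not flagged")
```

Run it against a file as `python upx_check.py sample.exe` (assumed script name); on a real UPX-packed file all three indicators are normally present, and unpacking with `upx -d` before static analysis is the usual next step.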

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe
    "C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1368
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5000

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

            Filesize

            80KB

            MD5

            1d4cf1ccd946c7634f4c540fcc8d2459

            SHA1

            fa9cbd7ab7b7cc2d61b54764931d70baab67ece4

            SHA256

            fce4f98975d17426b95637b83c2e049bbebf8b71b10b9d40fdaf284ab4cc850f

            SHA512

            522281a1a8d8fa00865848b8c6aedb38125134f362ae146e3f01fb64301e333ee112402656e7eedd7c068fcc823f16a4d511a762d1065ff6b73bbca3e99f6ed5

          • C:\libsmartscreen.dll.tmp

            Filesize

            80KB

            MD5

            e5c5d7303e4d682b6e723a6a556bed36

            SHA1

            df00686c728952f8643d89401eaa4ef8f8a42cc4

            SHA256

            72c18d0670ea6c7eb6c6c906037487d2e4e020fea95f8aa2a689ea7ba378704d

            SHA512

            c467047651c4e9e5a4526a21fb61af2efd3712b73de85b1bf01a84308b044fe9a71acdebbbb01d157b62f19cc261f45bea8ba5c4715a23c430cc8109df866ae9

          • memory/1368-0-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

          • memory/1368-396-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB
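The mass-rename signature is behavioural: the sandbox counted 1,394 renames that appended an extension, and the dropped files listed above carry a .tmp suffix. The Python below is an added example, not the sandbox's rule, showing how the same logic can run over endpoint file-rename telemetry (EDR or ETW file events normalised into the ts/pid/image/src/dst fields used here). It keeps a sliding window per process and alerts once a process has appended an extension to a threshold number of files. The event records are constructed for the example: they reuse the process image path from the report's process tree, but the .tmp suffix, the 50-file threshold and the 60-second window are assumptions; the report does not state which extension the sample appends.

```python
import ntpath
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 50                  # assumed: renames with an added extension before alerting
WINDOW = timedelta(seconds=60)  # assumed: sliding window per process


def added_extension(src, dst):
    """Return the suffix the rename appended to src, or None for an ordinary rename.

    ntpath is used so Windows paths are parsed the same way on any analysis host.
    """
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    base, ext = ntpath.splitext(ntpath.basename(dst))
    if ext and base.lower() == ntpath.basename(src).lower():
        return ext.lower()
    return None


def detect_mass_rename(events, threshold=THRESHOLD, window=WINDOW):
    """Flag processes that append an extension to `threshold` files inside `window`.

    events: iterable of dicts {ts, pid, image, src, dst} sorted by ts.
    Returns one alert per flagged pid with the dominant appended extension.
    """
    history = defaultdict(deque)   # pid -> (ts, ext) entries still inside the window
    flagged = set()
    alerts = []
    for ev in events:
        ext = added_extension(ev["src"], ev["dst"])
        if ext is None:
            continue
        q = history[ev["pid"]]
        q.append((ev["ts"], ext))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["pid"] not in flagged:
            flagged.add(ev["pid"])
            ext_counts = Counter(e for _, e in q)
            alerts.append({
                "pid": ev["pid"],
                "image": ev["image"],
                "count": len(q),
                "extension": ext_counts.most_common(1)[0][0],
                "first_seen": q[0][0],
                "last_seen": ev["ts"],
            })
    return alerts


def sample_events():
    """Constructed telemetry: one noisy process plus two benign ones (not real sandbox output)."""
    t0 = datetime(2024, 6, 8, 4, 2, 0)
    events = []
    for i in range(60):  # constructed: 60 renames in 30 s, ".tmp" appended
        path = r"C:\Users\Admin\Documents\file%03d.docx" % i
        events.append({"ts": t0 + timedelta(milliseconds=500 * i), "pid": 1368,
                       "image": r"C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe",
                       "src": path, "dst": path + ".tmp"})
    for i in range(3):   # benign: an editor writing three .bak copies, well under threshold
        path = r"C:\Users\Admin\Desktop\notes%d.txt" % i
        events.append({"ts": t0 + timedelta(seconds=5 + i), "pid": 2222,
                       "image": r"C:\Program Files\Editor\editor.exe",
                       "src": path, "dst": path + ".bak"})
    events.append({"ts": t0 + timedelta(seconds=10), "pid": 4321,   # benign: plain rename
                   "image": r"C:\Windows\explorer.exe",
                   "src": r"C:\Users\Admin\Desktop\draft.txt",
                   "dst": r"C:\Users\Admin\Desktop\final.txt"})
    events.sort(key=lambda e: e["ts"])
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(sample_events()):
        print(alert)
```

The threshold should be tuned against the environment's baseline: backup agents and archivers also append extensions in bulk, so in production the image path and the extension are the fields an analyst would allow-list.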