Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:04

General

  • Target

    6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a.exe

  • Size

    83KB

  • MD5

    0c7eda5da54d685ef9468576867de416

  • SHA1

    e8153b4dd90914af0d9ad6c5f73c5255300e83f4

  • SHA256

    6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a

  • SHA512

    fe06350d03f546dd027e8abdeceb04ee8eae309db5de7c2acfea1e9849bcc761d6c1c52d13a03ff5194a910a103be9b870feb0eb126a1ba8f11785adfd83d2ac

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhr:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsq

Score
9/10

Malware Config

Signatures

  • Renames multiple (3520) files with added filename extension

    A single process renaming thousands of files with an appended extension is consistent with ransomware encrypting files across the system. Note that the dropped desktop.ini.tmp listed under Downloads is 84KB, close to the size of the sample itself (83KB), whereas a genuine desktop.ini is normally well under 1KB; inspect that file before assuming the .tmp files are only encrypted copies of the originals.

  • Drops file in Program Files directory 64 IoCs
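
The two signatures above are behavioural heuristics over file-system events. The following is an added example (not Triage's own signature code) that implements both over a constructed set of event lines: it counts renames of the form old path plus an appended extension per process, counts files created under Program Files as IoCs, and reports which signatures a PID triggers. The "PID OPERATION PATH [-> NEWPATH]" line format, the ".locked" suffix and the threshold values are assumptions; the report does not name the extension the sample appends.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample file-system events (not taken from the report) in an assumed
# "PID OPERATION PATH [-> NEWPATH]" format; ".locked" is a placeholder extension.
SAMPLE_EVENTS = r"""
2752 Rename C:\Users\Admin\Documents\report.docx -> C:\Users\Admin\Documents\report.docx.locked
2752 Rename C:\Users\Admin\Pictures\holiday.jpg -> C:\Users\Admin\Pictures\holiday.jpg.locked
2752 Rename C:\Users\Admin\Desktop\notes.txt -> C:\Users\Admin\Desktop\notes.txt.locked
2752 Rename C:\Users\Admin\Music\track.mp3 -> C:\Users\Admin\Music\track.mp3.locked
2752 CreateFile C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
2752 CreateFile C:\Program Files\Common Files\readme.txt.tmp
2752 CreateFile C:\Program Files (x86)\Adobe\license.html.tmp
1234 Rename C:\Users\Admin\Downloads\setup.tmp -> C:\Users\Admin\Downloads\setup.exe
1234 CreateFile C:\Users\Admin\AppData\Local\Temp\cache.bin
"""

EVENT_RE = re.compile(r"^(\d+)\s+(\w+)\s+(.+?)(?:\s+->\s+(.+))?$")
# Matches both "Program Files" and "Program Files (x86)" on any drive letter.
PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    pid: int
    op: str
    path: str
    new_path: Optional[str] = None


def parse_events(text: str) -> list[Event]:
    """Parse the assumed line format; lines that do not match are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        pid, op, path, new_path = m.groups()
        events.append(Event(int(pid), op, path, new_path))
    return events


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the extension appended by a rename, or None when the rename is not
    of the form <old path> + '.' + <ext> (setup.tmp -> setup.exe does not count)."""
    if new.startswith(old) and new[len(old):].startswith(".") and len(new) > len(old) + 1:
        return new[len(old) + 1:]
    return None


def renames_with_added_extension(events: list[Event]) -> Counter:
    """Count renames per (pid, appended extension); the report's 3520 is this count."""
    counts: Counter = Counter()
    for ev in events:
        if ev.op == "Rename" and ev.new_path:
            ext = added_extension(ev.path, ev.new_path)
            if ext is not None:
                counts[(ev.pid, ext)] += 1
    return counts


def program_files_drops(events: list[Event]) -> list[tuple[int, str]]:
    """Files created under Program Files or Program Files (x86); each is one IoC."""
    return [(ev.pid, ev.path) for ev in events
            if ev.op == "CreateFile" and PROGRAM_FILES_RE.match(ev.path)]


def evaluate(events: list[Event], rename_threshold: int = 100) -> dict[int, list[str]]:
    """Map each PID to the signature descriptions it triggers."""
    hits: dict[int, list[str]] = {}
    for (pid, ext), n in renames_with_added_extension(events).items():
        if n >= rename_threshold:
            hits.setdefault(pid, []).append(
                f"Renames multiple ({n}) files with added filename extension .{ext}")
    drops = Counter(pid for pid, _ in program_files_drops(events))
    for pid, n in drops.items():
        hits.setdefault(pid, []).append(f"Drops file in Program Files directory ({n} IoCs)")
    return hits


if __name__ == "__main__":
    # A low threshold for the small constructed sample; production use needs a
    # much higher one to avoid flagging installers and backup tools.
    for pid, sigs in evaluate(parse_events(SAMPLE_EVENTS), rename_threshold=3).items():
        print(pid, sigs)
```

Grouping the rename count by (pid, extension) rather than by pid alone is what separates a ransomware process, which appends one fixed extension to everything it touches, from legitimate tools that rename files in varied ways. The rename heuristic only fires when the new path is the old path plus a dotted suffix, so a renaming that replaces the extension is deliberately not counted.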

Processes

  • C:\Users\Admin\AppData\Local\Temp\6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a.exe
    "C:\Users\Admin\AppData\Local\Temp\6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2752

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

    Filesize

    84KB

    MD5

    106a23c14d0f04fc3d38ee3865572819

    SHA1

    bd4322875575a5060f1db1b30dfad060319360e9

    SHA256

    cf72d802a42717772dcbc806b4cfdf96da26fd9beb08562def38e0489c0ddc9b

    SHA512

    10849e340999709bd1ef12caff890ad1bd9296b14add80907aa407e4c93005f71aaaef0814701892e3b7761185ed17e4fee14532f3cb7ff0ce1defe4c5ab7a36

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    93KB

    MD5

    dc3030ca109a24606322e3726b5fd5db

    SHA1

    70abdfd6a120d98a3f12b802ebefc479ffeb49f8

    SHA256

    167283eab298a6426a8c7e8fba08d739daa5943f4b9d170a5b24a9dc5e11c3fd

    SHA512

    de04b14b8070a344e201224e0442188bc2767967d4648ea1c73837c53d89d6bc46dd872d056409254ee0394bdeac707d929b77b3477b0c14d1ee7f1140bbab8c