Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:04

General

  • Target
    6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a.exe
  • Size
    83KB
  • MD5
    0c7eda5da54d685ef9468576867de416
  • SHA1
    e8153b4dd90914af0d9ad6c5f73c5255300e83f4
  • SHA256
    6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a
  • SHA512
    fe06350d03f546dd027e8abdeceb04ee8eae309db5de7c2acfea1e9849bcc761d6c1c52d13a03ff5194a910a103be9b870feb0eb126a1ba8f11785adfd83d2ac
  • SSDEEP
    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhr:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsq

Score
9/10

Malware Config

Signatures

  • Renames multiple (5184) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a.exe
    "C:\Users\Admin\AppData\Local\Temp\6981d3ae4b84361536cc3c2079b54da9981958318cf14fa3d0dab3db85e6168a.exe"
    • Drops file in Program Files directory
    PID:4552

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
    Filesize
    84KB
    MD5
    1a4a2dc37b1c3f66dc53ffcf622da288
    SHA1
    f257da3d15cbd21d8f981910bf5998ca61d208c6
    SHA256
    51021432602e35940ee08c028297a6e447501c7c4cfc75e3127ec846f2d2a32f
    SHA512
    31d64c816fb74484c650372a5d3990d82edf41012b1d67d3a7e730744283075590e8a03f12ab75eb6072b06a301c4846c91d9ab2de4e5b87a26abdc308046866

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    182KB
    MD5
    0b4ec02fd1aa644fd23823fdf95f00a3
    SHA1
    acfbdfb5ab42d05d5a864f9fffffe4b859a4572f
    SHA256
    6c212b426a50cccf0656f27e575f729d34035c3749f257ac7d51acdbaff520ec
    SHA512
    133d26f82b1336968fc41ee4ca84cce1156c894c38f7515ca2616d0bb0aa1dee0d0180a3568a001557a0fea43df989f4d2e5b7109e14c0e2cc0dfd14c3d62e71