Analysis

  • max time kernel: 149s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 10-06-2024 23:08

General

  • Target: 6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe
  • Size: 46KB
  • MD5: 3b4a18df54e441afb80681f3a209b4a2
  • SHA1: f665f8dc6b8135db6d8543059b8f570be01ee697
  • SHA256: 6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7
  • SHA512: 196cd7b5b073a75e2a04e5a47d09e94a8dd61ab1e74e06f6be5b288546e4ea0b15729188131daa47918e08a9c3aa8e0759dbdd5796bd2aaff19e216beba1a85e
  • SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzz:CTWn1++PJHJXA/OsIZfzc3/Q8zxR

Score
9/10

Malware Config

Signatures

  • Renames multiple (3697) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • UPX dump on OEP (original entry point) (4 IoCs)
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe"
    PID: 1728
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
    Filesize: 46KB
    MD5: 20bac7588f38f95504229763e2461744
    SHA1: ef9909ba1a2f75bc5414cee7d0955294c3253734
    SHA256: c160be0ca8e2f5ff9dff46cbebf031a8d3b372305acd0dc86e7fae5f93a93e0d
    SHA512: fd23d07075656f633949e137393bab056ddf0b1df9848e41d80254fedd93c3e47a3725d117d667c1cece7dfe482f867675adbaeedf5dbc72980601448fae3b62

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 55KB
    MD5: 76b0ade0452d9976cdc976b6cac6aa05
    SHA1: 7a501c7452aae66641e6e8e62b039289c6fabecf
    SHA256: 39ed9560851c0878de2e16cefcfd63a31ce9119c491a44ffe6de7c69ca6ad34a
    SHA512: ed9166ea8f80e140ea3cd44863f6975d64311dc9b5cbff985b50eb3be1cefb4e1a2eccbdcf94b92b5b9538599012103333b90819f87113f850b8d2289865f58f

  • memory/1728-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1728-76-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB