Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:11

General

  • Target
    6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe
  • Size
    80KB
  • MD5
    368648faf5e1af5dc451aff87084db09
  • SHA1
    3da0d32fca5a44f2dc12084c854b118c6252a4df
  • SHA256
    6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f
  • SHA512
    be9332ee9945cce500bd71dceadfd5ed1e39a5cc48f1ecbcf54bc7110a0afa75421e16a7c523fe59461bca952e80ad493b246d8b9f5f527686136b999b2e8c67
  • SSDEEP
    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhF:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsw

Score
9/10

Signatures

  • Renames multiple (5184) files with an added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe"
    • Drops file in Program Files directory
    PID:2248

Downloads

  • C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
    Filesize: 81KB
    MD5: 0c418a35e76fa1036eee0f124889912a
    SHA1: f0ed4792afd5d90e97246a62a0dbdf51f51b6ae6
    SHA256: 33f4f704f9451739049af6d8089a6357f3f9d58cb3cb4739e0ede88a27167e58
    SHA512: af14dc8d67b327eee5ec5b2615b57bbcbc3e16a3e98ca98f33ab783b59a91454198f73e5f29497badbed0614be64e200ac14610daa4857afcbce437792155ada

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 179KB
    MD5: 9bebacebf238e5b8f26297b0bed54316
    SHA1: 4b10db96164077dda8ded1b0436c51dcd16c57c9
    SHA256: 8df8115fec07a4d6a2a2b6db39f7ce42db995523380b6be68da9c432cc427677
    SHA512: 0e2308f96f0fc35d4e838a8f774f6edbb00898b0df3f62b866a666c27abae705181c360f987db77b288de93ec28d57be296700d1917919409f8edde0c54fee58