Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:14

General

  • Target

    6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe

  • Size

    44KB

  • MD5

    33ce7d46c7d967719d76a8a55a674091

  • SHA1

    4ac3a9165dd3ee7d70e749126b0d40e1a10153b0

  • SHA256

    6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe

  • SHA512

    2612afc78cacb3cdbdedaab23fdf758fbcb938838b9f03d44ef7145ecc1199f9f4d74c1d2c03d9da43e6261c730e21862da21a1c4a88dd372505169053f0874f

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDB:W7BlpNLpARFbhblkYlkuvIYFWcDYcDB

Score
9/10

Malware Config

Signatures

  • Renames multiple (4086) files with added filename extension

    This suggests ransomware activity: the sample rewrites files across the system and appends an extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)
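
The rename signature above is a count-and-threshold rule: one process renames many files such that each new name is the old name plus a suffix. The following is an added example (not code from the sandbox or this report) that reproduces that logic over a constructed rename-event list, so the rule can be applied to your own EDR or Sysmon rename telemetry. The event schema, the threshold of 50, the PID values and the ".locked" suffix are assumptions; the report does not state which extension the sample appended.

```python
"""Added example: mass-rename-with-appended-extension detector.

Reproduces the logic of the sandbox signature "Renames multiple (N) files
with added filename extension" over a constructed event list. Field names,
thresholds and sample data are assumptions, not taken from the report.
"""

from collections import Counter, defaultdict
from dataclasses import dataclass
import ntpath  # Windows path semantics regardless of the host OS


@dataclass(frozen=True)
class RenameEvent:
    pid: int
    old_path: str
    new_path: str


def appended_extension(old_path, new_path):
    """Return the suffix appended to the filename, or None when the rename is
    not a pure "old name + suffix" change (a move to another folder, or a
    rename that alters the base name). Comparison is case-insensitive, as on
    NTFS, but the suffix is returned as written."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if len(new_name) <= len(old_name):
        return None
    if not new_name.lower().startswith(old_name.lower()):
        return None
    return new_name[len(old_name):]


def detect_mass_rename(events, threshold=50):
    """Group appended-extension renames by PID and flag any PID at or above
    the threshold. Returns {pid: (count, most_common_suffix)}; the suffix is
    reported so an analyst can pivot on it as the ransomware's extension."""
    per_pid = defaultdict(Counter)
    for ev in events:
        suffix = appended_extension(ev.old_path, ev.new_path)
        if suffix is not None:
            per_pid[ev.pid][suffix] += 1
    hits = {}
    for pid, suffixes in per_pid.items():
        total = sum(suffixes.values())
        if total >= threshold:
            suffix, _ = suffixes.most_common(1)[0]
            hits[pid] = (total, suffix)
    return hits


# Constructed sample telemetry (assumption): PID 1544 appends ".locked" to
# 60 documents; PID 900 performs two ordinary renames that must not count.
SAMPLE_EVENTS = [
    RenameEvent(1544,
                rf"C:\Users\Admin\Documents\file{i}.docx",
                rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(60)
]
SAMPLE_EVENTS += [
    RenameEvent(900, r"C:\Temp\draft.txt", r"C:\Temp\final.txt"),   # base name changed
    RenameEvent(900, r"C:\Temp\a.log", r"C:\Temp\old\a.log"),       # moved, not renamed
]

if __name__ == "__main__":
    for pid, (count, suffix) in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {count} files renamed with appended extension {suffix!r}")
```

The threshold is the part to tune: the sandbox counted 4086 renames for this sample, but a file-sync client or archiver can legitimately append suffixes to a handful of files, so the count should be high enough to exclude those while still firing well before a full volume is rewritten.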

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe
    "C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1544

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    91c3838105dad8d667847f91a56e7cef

    SHA1

    37c688fdf0d8a7a913cba0433c2df43c10c2c5d7

    SHA256

    8cc4d2b45aeb298d1273a639e1bf77dd38c585c4111299888c42c9df28c2d93f

    SHA512

    61a99535bd9eb9e25f942fc0558eae544c3b8f0c1d5bf104cc97819fcb9eb7903000811766e00a3b236e2c24719033eee7920e8b6b731c66da7af22ce4e9933b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    53KB

    MD5

    c8ace47a9f521e8502d8fb698512dab2

    SHA1

    b285f4a5155d17ba03b60184a371731c2d2654f0

    SHA256

    cac0a1c4682ffcfa69ee3944476c1f47a1ac8c519810b48f442a50b12eefe448

    SHA512

    c573b6f4fbcd098665476deb373166d64bfd3dd7dc10999460eb0811d3e7a89a44463257615670f230dc5c51fdb7360757fe75c914b7cf97d7c1924bab7fc984