Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:14

General

  • Target

    6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe

  • Size

    44KB

  • MD5

    33ce7d46c7d967719d76a8a55a674091

  • SHA1

    4ac3a9165dd3ee7d70e749126b0d40e1a10153b0

  • SHA256

    6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe

  • SHA512

    2612afc78cacb3cdbdedaab23fdf758fbcb938838b9f03d44ef7145ecc1199f9f4d74c1d2c03d9da43e6261c730e21862da21a1c4a88dd372505169053f0874f

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDB:W7BlpNLpARFbhblkYlkuvIYFWcDYcDB

Score
9/10

Malware Config

Signatures

  • Renames multiple (5270) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all of the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe
    "C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe"
    • Drops file in Program Files directory
    PID:3668

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    63fdc4c8650d4f700fb75ea99932b2a8

    SHA1

    53271d672ff4078630f407e29bf291eae4fcf4da

    SHA256

    4962aa7a5947e5d8aa1258498ed2a29817f875bd69040f3d0d5a6c0158673259

    SHA512

    54f44b70f60b9f6ea734be9abbe1a11108816b7bfb997a2ac91b288aae5cf1ffba6aead289f6179db99808623b496df1819deb1a677497327809746db14325b1

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    143KB

    MD5

    4c2b0b5a63f4743a915665676cdaf0bc

    SHA1

    7872a13db54a61bc08ceb28c17e3430f738e3923

    SHA256

    d6f911d67c2cf05365ba0e44ab58e7a2f048766cdd2f68984a01eca9bc6e1eb3

    SHA512

    fefa5583436ac3f2cfc06e97f5033df408cea21fcb7ec82b58e57aa4fbedbe2930c02faf64166ce08ccc258d5556bd7c0ad478203b6e835a5024b4faea557cb0