Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:17

General

  • Target

    6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe

  • Size

    101KB

  • MD5

    6f2cbe20dab2e40e882e5bc647e0f30e

  • SHA1

    bc28a7564ecd6237d6e1c558386ec846336f9145

  • SHA256

    6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa

  • SHA512

    e9cae7ea62ad4f0e0f2ff660d1ac0957f3ee324bf7dc7697d1f1551c2aa13273fa5bf2d2d6ba7c83022d71d70e110c7624549fc2a4355ece69152a9b46325814

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPbbIbj:6rWpcOPxPke+e3fFpsJOfFpsJbgEG

Score
9/10

Malware Config

Signatures

  • Renames multiple (4863) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
    "C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe"
    • Drops file in Program Files directory
    PID:3420

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

    Filesize

    101KB

    MD5

    3f6116bb5e2382eaaf67af58f36712a3

    SHA1

    bfc27b225b6538fc9c3b2065d85f91a754d90466

    SHA256

    5c9df6c449a8000a2b9aa68b3c0a004fa80108e1ed8177c201797ccb27dc5e9a

    SHA512

    160e79a0a7db63b7539c34c4170d1607bdda9495092f820fb282cc43eefe8764ebb5eded7ccaa1f50700c6ff846457017f790b68d5e22a8066fdb251d36a60a9

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    200KB

    MD5

    2f96aa33274f688519b610adb088deda

    SHA1

    6d55041d6e55e69a4410b5b2ed52b246fbf4159c

    SHA256

    25b1c40729a93933ee0fe2de741f46333f794e8a6bd8d7183a06580e5f172f14

    SHA512

    28c22bf47813024138caf10d452c7dca89662df714e1af3080f9a9608455d6da09a0e4f9665a23a136d6568a2197ed6a6b1b569ee6e90586273131a6764e4306