Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:19

General

  • Target

    709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe

  • Size

    81KB

  • MD5

    99524f0e97132ebb2d26d6075a609a2c

  • SHA1

    e061e2778578083c0a25af4a5b72cbe35d2cd22c

  • SHA256

    709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2

  • SHA512

    efc618613af4027e3128a019b748cce812df0d69ce56f4270ffff4949fbd192d49802e72bcee684c1bf9584619e0b55cc9ce57fa62d5fb5de11483f3a4fb225b

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSW:6e7WpP9oVLQthbYY9oVLQthbUvx

Score
9/10

Malware Config

Signatures

  • Renames multiple (5168) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
    "C:\Users\Admin\AppData\Local\Temp\709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe"
    • Drops file in Program Files directory
    PID:2140

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    aba7943b74176484d4499cf684ff1bf2

    SHA1

    f1ad5a7f56e700642906cfcba510c0c1278137be

    SHA256

    4e80273c17e0ee245f7bdc3c24965cee4986eab8b4334aa8368d9e3482e07a05

    SHA512

    ed7b7081ba4bd00128954ad5e974c9b77a4a6569347fbea1991820c186e29d98745277acaf03a0bde1a2f627b54b35d5cb318cb39ff6018175c87f7fa11e829f

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    180KB

    MD5

    c35b2c16069f41a960030f5aa902b34b

    SHA1

    a8815651a0263624d3d35a634e7cd56d74423653

    SHA256

    300c6674394b5b4c01338a1bd44ddef1aa21f218869ff46f5a3fea03c2516edc

    SHA512

    5a8d3443c2743005dbad521d209a37d801991bb5c8f04bae19009a55258b8a7636453762678362df3675e6168e3f06847cec693025caf5d0d70ee1926f82157a