Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:21

General

  • Target

    715d7006cc82190bfea1218e4ee4016f83e66a4861f0b0b18f8bd113c736e299.exe

  • Size

    47KB

  • MD5

    8078c8dcc4d11913c6673a89ad3cd67b

  • SHA1

    7ee36c998067cae6428b6888de456d544f77a126

  • SHA256

    715d7006cc82190bfea1218e4ee4016f83e66a4861f0b0b18f8bd113c736e299

  • SHA512

    1e70c8805731aa1fa318f92f8f22ee566a4ed726ef0635bb87a43e3ce745c9ebb4ca36d5348eeb5d10ff3dce57a2fd2025370c49458604dfef8d53c8b85e7595

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzg:CTWn1++PJHJXA/OsIZfzc3/Q8zx6

Score
9/10

Malware Config

Signatures

  • Renames multiple (3728) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\715d7006cc82190bfea1218e4ee4016f83e66a4861f0b0b18f8bd113c736e299.exe
    "C:\Users\Admin\AppData\Local\Temp\715d7006cc82190bfea1218e4ee4016f83e66a4861f0b0b18f8bd113c736e299.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2988

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    6d12ea58107f79c191b8873a564f2247

    SHA1

    60decd0d8e185c3bcdcfe503c257a940cb23e1e7

    SHA256

    a7ee5ecbf6ac086d7c49a4047a3cc7307ec6fb4f8773c35338c8f10d5cf9ef14

    SHA512

    ef2f0db43d8f4a5ca9bda4e36fac6bc50afd50d91db3e81ea9ebac0ba9df9393f1a03986e202ec52407fc9c91ed3e9d03c9ef26475df36664ec6dc78031604e5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    56KB

    MD5

    7a3a1c882619d6dcc9fa7137de5d62c4

    SHA1

    624b9c6914483f5d7470ad4318059f5ae1fbf2f3

    SHA256

    e9b8c0180cb20a230556cfa5660cb227a2a1d38a65560ed7ec0c0769894da002

    SHA512

    737ffc69a2b57e9a2d98335834a84f39908da8d593272890382ef3b6dadac9e8a8d3531f53c84b539d6fea3018fada38a1c9d7a0898b8e6cdf5a99862a09d529

  • memory/2988-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2988-76-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB