Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:22

General

  • Target
    7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe
  • Size
    46KB
  • MD5
    3c0b11a29002359ee02ff0122cbe8d87
  • SHA1
    fd6b43ec64c2e6ac33ea2c93e983febf495984b2
  • SHA256
    7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8
  • SHA512
    1f14f6f2eda12e20e82c417dcb3e331a172838fb791b53808a18a2a5f7c9480946965f09cea5af1caff0e63210a14be55b2597653565fbfb1bd038881613f1f4
  • SSDEEP
    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNH:W7BlpppARFbhWJQiJ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3789) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe
    "C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe"
    • Drops file in Program Files directory
    PID:1148

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize
    46KB
    MD5
    88c8b457a90a25a744cb8d34ef755a74
    SHA1
    c54ada920070250a5fbd6403ac048cf379361bd9
    SHA256
    84e17bfda570eb07e8631992bdb843f5adfc78a17306ab769062d567033ee734
    SHA512
    cda9d9381ec80918e790d55529088e333cb426182e2b36353794ec2787094f84de84f4b6fd7c42d1d4290d3463f4eef0d4f44f4c82ba256de4989e8fded50c69

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    55KB
    MD5
    e028eb74946ab7d96c894a0bd065201a
    SHA1
    4339b59c803417c5d8e9c5302bf01128c5bbd4a0
    SHA256
    8981ed046c1f49b17a061e3f9db385669ddb6739cae8e732867efea0f1b54f43
    SHA512
    efd94c609b76bed61c95b746fc847c7c3733f259cc58b91c7df0dff340cb4629a6db1fe66dc5a4930aea44bdc281d029dcb71f78afd1df63f6d639ba3aedda3f