Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-06-2024 23:22

General

  • Target
    7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe
  • Size
    46KB
  • MD5
    3c0b11a29002359ee02ff0122cbe8d87
  • SHA1
    fd6b43ec64c2e6ac33ea2c93e983febf495984b2
  • SHA256
    7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8
  • SHA512
    1f14f6f2eda12e20e82c417dcb3e331a172838fb791b53808a18a2a5f7c9480946965f09cea5af1caff0e63210a14be55b2597653565fbfb1bd038881613f1f4
  • SSDEEP
    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNH:W7BlpppARFbhWJQiJ

Score
9/10

Malware Config

Signatures

  • Renames multiple (5329) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe
    "C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe"
    PID: 1592
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
    Filesize
      46KB
    MD5
      98f54af2cf999e0f2426181f4eef76bf
    SHA1
      722b1bb837d64b668c0dd139a069cfdac29af127
    SHA256
      254eae1fcdd6be88ed81e7ce7a1ffb44a73eac0b947353fa2eab4d58cb3318b9
    SHA512
      5d8db8df2dca82b39769f42b23d1fdc5d8b00fb66a5224935ffb38fe914df4ad00c4525c73346f406dd5c29a087402fc12eba8e50ab746ad5b28cbacd1a70346
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
      145KB
    MD5
      9ab9984c0ca07336233f7c7caa101f11
    SHA1
      eb738242feb8ffa46de37d6957f6331c088f599b
    SHA256
      8d0e5d66aa2aa7a684b4f3c57af86fe6084cc1c86c67b8ed8302c3c2592ed2a9
    SHA512
      ec2c700c5f844d3027bf2471a1ec0df77e6bd6bdec72ebd36115c7705965e520ba46621c398c4935471524ed0879037ab476b938fdb3cc6c95ca8d362799fcd6