Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-06-2024 23:26

General

  • Target

    739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe

  • Size

    56KB

  • MD5

    01efd46b64cdc78eac7af7ea663a6c16

  • SHA1

    61c2ed35dbc6f2568a83f92be37975af8ea85833

  • SHA256

    739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647

  • SHA512

    90928ca62a446a6b50f0ecf88e5cdf92ccd28cb33b3803a1df2d1f991da749c5510a0082798d11330988e5dd61867baa5f6e069b7532c85541682295db9cdc30

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/L:KQSohsUsUKM

Score
9/10

Malware Config

Signatures

  • Renames multiple (5303) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe
    "C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2372

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    d434bd30868fadc32a0f1f61847ef0a0

    SHA1

    b59f00482406faac9a8fae2f500a1a701d1e2362

    SHA256

    29a17562f6180a98c1639dd9223bc91e63d4726e4997a7b5c6464a2b8177c65a

    SHA512

    873a8156521d68b4cd51293b72dabb35dfc8d9ae55aa89b568bbb4640dbc4b6ae954a887c45a96107aeeef147560300161c960b5f543750692da0a749095dfa8

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    156KB

    MD5

    70e6d316deef20880a3c031e1238fd53

    SHA1

    551db23c053a214d73245027b1ea49cb19ef3b51

    SHA256

    48aef275fbe7d7627d34f8b4d0ec135eec8748016810538c3789d31bacb19e23

    SHA512

    6a3d10fac8a878672e9df69f8e238aa42972d661f615982bc648296ac6eea008fd7d2b5b0aae3884afc12fb8e22a3055d6dcc35fcebd147f5375e0a9c95404cc

  • memory/2372-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2372-1224-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB