Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:31

General

  • Target

    7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe

  • Size

    99KB

  • MD5

    b1d6dc3a60c0d843c9be05264407d3c5

  • SHA1

    fb34e5ea303620dad146d35babe692ff2f98875d

  • SHA256

    7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813

  • SHA512

    8897da3514d1a8543e4e9f017e2ce99c571ce7e1304aa0776068efa8e53595b677abe4aacde9ef235c91067bd07d822677cabbaccdf232ebde33bf8242e7ea4e

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPYX:6rWpcOPxPke+e3fFpsJOfFpsJbgES

Score
9/10

Malware Config

Signatures

  • Renames multiple (3444) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe
    "C:\Users\Admin\AppData\Local\Temp\7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3000

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

    Filesize

    99KB

    MD5

    080cb5ed761810f083ea71e0cb020bfd

    SHA1

    3eda532fe1c4b4ad7d24abd66691c58bb79e7ab9

    SHA256

    d491668e0eddd22ed2b12469a9538d5da73b1698f65292655c50cce529b63276

    SHA512

    88d8063442a3f3b75c2a5e3ed71b0a7404cb775f3f5e67014b54a6e87b03d21d9ddb5e42f3473e9cd526ebc4f84f9f19b58ce868f9c1cb85be1d3e474f04d821

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    108KB

    MD5

    806338074419fdaa1462863cdfb904c9

    SHA1

    e54aabcbf0477deb2adff5626c3330aeed1fe516

    SHA256

    2859d55fb8a7e2b628c2e096fd6692dd1f4bc95cff42ec1a9136369863e5530a

    SHA512

    498f9aa3e27572e503ccfdf7e72ae0f24eeb5a9feaccd8d77df1bf5f613ca5bccceea497197d9da120b4e6b02c7275ef17316afe874f076b24dea833aad17739