Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2024 23:32

General

  • Target

    765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe

  • Size

    45KB

  • MD5

    08fa023a614800c5c2096b5b1827996b

  • SHA1

    54a7ccf761a1f0d79773289485d2f0452e496c9a

  • SHA256

    765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697

  • SHA512

    523e415ae8dba0f53cd7c3eefdb26796e1b521edc295b8f9834173a5385cd131932427b63f973c93adafdd66ea50801e5b7eac9af078cc43d5bafb5a9c809650

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzb:CTWn1++PJHJXA/OsIZfzc3/Q8zxp

Score
9/10

Malware Config

Signatures

  • Renames multiple (1076) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe
    "C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    2e3affe3e70ceb6132a91e268fd0851d

    SHA1

    6045818a3cd35c953d1e2ee2bcb4102cd49f0141

    SHA256

    c2f57170d8be246fec10832581996ab187f172b3a15fdd364f49454c151ffe4f

    SHA512

    f875550e085ae44e8a03eb08fa102ca360dec3817b609e93b72761cdd863fa9f8f2d93e3ae5e135c517571bd9522bec5e0fecd7d9979b3d94aef845590e93260

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    f760577161fafdd7724099970463fd14

    SHA1

    46d2342d300cd42b3cb3f7eeb480566b386f7d18

    SHA256

    5285adc2d333a40df794f80c646e8949824a0d56843938291a2a60642a19d49c

    SHA512

    d2c1553bcb5a918e51cd5acce768e2dbad1bd446dfe87af0e57b94b87d9e41cd1fbd0d0ba6ce76342b948e807340c02542fd00e726c8edf8fe6240248bfdf657

  • memory/1908-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1908-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB