Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:34

General

  • Target

    7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe

  • Size

    76KB

  • MD5

    05c5784ee7f38d17964cffe07cae3d4d

  • SHA1

    d1802d91417991727c223ff2e7ccc8353d0b02a7

  • SHA256

    7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5

  • SHA512

    fc2f1db49f64fca4f4009052bae32f5dda197a05e3478bf3b7de410ad5c50b2990dc47a23e268d342b55fb241698e076f6fefb4feeb061a893f733794a8c670b

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEho:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsp

Score
9/10

Malware Config

Signatures

  • Renames multiple (3769) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe
    "C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe"
    • Drops file in Program Files directory
    PID:2600

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    8877eaa48e6169d8bd3bcd564a6a1c56

    SHA1

    06364b3cdb554b46dd9215de20ea0867b711aec5

    SHA256

    308d3c857a8a2caebde5f548cd1c6f236affa4dd47008136d1e1e7d4777c2ca9

    SHA512

    7d29a7eea1d7aad12fde6dd32410d50356d0997651521b346de2ad3a6d57fc089a53af9cad2428ea02bb253a40a816a61b14748614d48ca075d380d295998622

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    85KB

    MD5

    052ed43420aeee49f14ea892b5a57c22

    SHA1

    e9d52492d7c9e0531c722dcb960c770861f96b7a

    SHA256

    76c4bfd2ac0f5e6a9b5ab50d578de354bfb317384f8a6657426765df2d04a1bd

    SHA512

    67c2f3f431aa31255b3546cad565982c6c26ae83006d1ad98b55b026d830a7785da68a9db843bf67737df54266a0c3c5abb3527ebd2d8d4b9d7425c1e9430290