Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:36

General

  • Target

    77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe

  • Size

    98KB

  • MD5

    6f1c5ff7965d096afd350c50fe28dc0d

  • SHA1

    160816833d908ab689e40d9b7c847f06fa76a438

  • SHA256

    77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5

  • SHA512

    def8069d3ce7c462219bb0a82a124536a5719ab14a7297c44c29c0fcd406f493a0dd12cc6c67b72b93a1ff3504095ef1b5af7051673aa707deebb7e178bd799b

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB8:PqFF2Ie+efsim2f

Score
9/10

Malware Config

Signatures

  • Renames multiple (3515) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
    "C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2068

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    98KB

    MD5

    e8caca221c069929ce6c31443221bbd9

    SHA1

    71113c0e573ba94dd04974ebaa69e25f170837a7

    SHA256

    fed5a459bd61e12b05e98ee602f544a60c7d607149b02bf59252353c475ca165

    SHA512

    b4e5c9ca9a60fe6e8ac29e29d7d21c1e82e446e2d05a5c4a807898bb2900e05a342cf5bb0f646f00f630a749b6ac480cedfb483d1bb381da2c8ec4a457149cf3

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    107KB

    MD5

    b97a017b5c40969ee615f987e8ca3d5e

    SHA1

    3c0e49885519cf251db984c08ce85aefaac725ba

    SHA256

    130144bf224ce0a3c3d4e60df0baa8e5c7cde27fb08df2d03da0f9396c36c5b3

    SHA512

    b5a3d5c0a1fc3da28c9a5633f263bc1b53e9e7d7017d5b5a25a30654c3d31f47143d7264253426a0b4b28e69e3e8cd0df1ffc04a0c3dd689b72108dfd5797d47