Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:39

General

  • Target

    78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe

  • Size

    45KB

  • MD5

    25e1ca297bab9176df3f52b8e9140b0b

  • SHA1

    8a64c4c962a5cbc001f96f703afc7a226590dab0

  • SHA256

    78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1

  • SHA512

    1aa7d34b8a3c75394fee892c54f4b90675b5679ea3cb771692a8c58ffb319e717ebb36b36c4ff404a0194b0cb6b2999698fd299fec84324a8090dfc90d25d06e

  • SSDEEP

    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFO8A8a0A+2:W7BlpNLpARFbhblkYlkuvIYFI0A+2

Score
9/10

Malware Config

Signatures

  • Renames multiple (3778) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
    "C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"
    • Drops file in Program Files directory
    PID:2152

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    d247520b64081c63ebf9fb36cb64b579

    SHA1

    63dcfa71a1b5efea826116ec1887b57b9458ceab

    SHA256

    58f20aba5e89dd9cb446032513c8b4464040a5f3c23186424d8096305fe9ce46

    SHA512

    7f0d29669b8d4e4b78962d0b7cfa2557cad87c70b326204a4edbdb182873dbe30fd6f4b11cbca541d3a555a6e4cd3a6a32206ec76d537e02aa771b373144c298

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    54KB

    MD5

    da957d8a73cb65fef3099f0029a5169b

    SHA1

    73a6f735d46d4d6f5e863e1b1a69d908ad937f10

    SHA256

    dcad629c75a32746089074f87b4b731e2eb2eb83354a3d2932dd8f34780652bd

    SHA512

    7353cfa22578db3edd4263b3c141f151ef84368330dfab637df66f225528d86be85ad7b12e97a4a899eef59f3976e38c438152f3afe52c7683b05813034615db