Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:39

General

  • Target
    78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
  • Size
    45KB
  • MD5
    25e1ca297bab9176df3f52b8e9140b0b
  • SHA1
    8a64c4c962a5cbc001f96f703afc7a226590dab0
  • SHA256
    78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1
  • SHA512
    1aa7d34b8a3c75394fee892c54f4b90675b5679ea3cb771692a8c58ffb319e717ebb36b36c4ff404a0194b0cb6b2999698fd299fec84324a8090dfc90d25d06e
  • SSDEEP
    384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFO8A8a0A+2:W7BlpNLpARFbhblkYlkuvIYFI0A+2

Score
9/10

Malware Config

Signatures

  • Renames multiple (5185) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
    "C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"
    • Drops file in Program Files directory
    PID:4292

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
    Filesize
    45KB
    MD5
    c3eea1dba51168382e157d6ac146d017
    SHA1
    05d7ed4f3114ac06dea8f1e15855b4aa530e3113
    SHA256
    b40872b7c550c4ea570739cd291acb5fa2f3d52e9adc0339d5cd40da37723e51
    SHA512
    868d70e6dd98b97432d37bd467c75a793219f43a23c3525942508a36a5f7fe78f3be4861c6ead57991ef15c726a2d9dbbccfdcc6cbca62d95c19b83bc1e10fad

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    144KB
    MD5
    7317591909127719abb08041b6e6e663
    SHA1
    7bb58d198745301f4e215edc98363f1a783fa00a
    SHA256
    b7f00a6d872762d06e1d333001d773a59a4da8e31cca13541424818511e8b6b9
    SHA512
    da8e6e4d0190e3527ec292dc01060045c0afc66f9795c7c1d85a2a9702d8503ca7d0f69ce702b27906fb0b37d7452dd760b457f7f555606159a9c65bc0aed7cd