Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:42

General

  • Target

    79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe

  • Size

    82KB

  • MD5

    766df5a7a4f1ca222bf5d8136d9ce325

  • SHA1

    d7be7b24c9ffcc7da8bd9d64c5c02ff5e5f0644a

  • SHA256

    79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41

  • SHA512

    ae0c10a18a31d0e8217c18ac6466ea19529a721924347a01e796c210496cedf429893ea790869b89250e68a789d5227be71cfec4b4ce586d959a5dc81c4ea019

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUs5N:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rE

Score
9/10

Malware Config

Signatures

  • Renames multiple (3687) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe
    "C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe"
    • Drops file in Program Files directory
    PID:1520

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

    Filesize

    83KB

    MD5

    3dd9caf0a6aee362de0061f31c31d630

    SHA1

    61db2ce254b29cef9949c772fb82e0fb1cc36d48

    SHA256

    6da7cabf5a1d94f9356ca1b53e935a4e3fa00164a0ec6a2cee2df462ab752275

    SHA512

    d0d59895859593042b3e5eaee11603c7f2b0bb79850cde35c0cf1f592a57eeb70c193df90910eea2349bb87b175e18a42072cb4fe55e950ca7919ee007e44a50

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    91KB

    MD5

    e830cdd9922490bf7ddac0a35b451e60

    SHA1

    296fe0c70b7a6362c3f426a47ea1ec8ed4e9e888

    SHA256

    dadaba1480dd69d10b89eff7bdb7d6efa736fb54557c2fdfdc95589d8a7a6ecf

    SHA512

    3a3852f0fec4be65992492af6e601823786d2a156d12185313f83fc69f27fc263fc3ff1c5b65f0498dcf9fd6ce3a7f6114fc791058df36cb5eeed343f0c05c6f