Analysis

  • max time kernel
    149s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:42

General

  • Target

    79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe

  • Size

    82KB

  • MD5

    766df5a7a4f1ca222bf5d8136d9ce325

  • SHA1

    d7be7b24c9ffcc7da8bd9d64c5c02ff5e5f0644a

  • SHA256

    79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41

  • SHA512

    ae0c10a18a31d0e8217c18ac6466ea19529a721924347a01e796c210496cedf429893ea790869b89250e68a789d5227be71cfec4b4ce586d959a5dc81c4ea019

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUs5N:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rE

Score
9/10

Malware Config

Signatures

  • Renames multiple (5194) files with added filename extension

    This suggests ransomware activity: the sample rewrites files across the system and appends a new extension to each one.

  • Drops file in Program Files directory (64 IoCs)
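
The two signatures above describe a pattern (thousands of distinct files renamed to `<original name>.<new extension>`) rather than a specific indicator. The following is an added example, not part of the sandbox report or of any sandbox vendor's detection code: a small heuristic that replays file-rename events and flags any appended extension that hits a threshold of distinct source files, plus a lookup of dropped-file hashes against the SHA-256 values listed on this page. The rename events, the `.locked` extension and the threshold of 100 are constructed for illustration; the report does not name the extension the sample appends.

```python
"""Heuristic mirroring the 'renames multiple files with added filename extension'
signature, over a constructed list of rename events.

Added example for this report page; not code from the report or any tool.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Set, Tuple

# SHA-256 values copied verbatim from the report: the sample and two dropped files.
REPORT_SHA256 = {
    "79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41": "submitted sample (.exe)",
    "b0deacad61cb4c44fd671bd9ce19feceb6a14b0f387054e7cf076230e8a92ddb": r"C:\$Recycle.Bin\...\desktop.ini.tmp",
    "9576a9232be728dedd96b22cbfe6a66e2786b5d9e9465d57e05961129335ecfb": r"C:\Program Files\7-Zip\7-zip.dll.tmp",
}


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension a rename appended (dst == src + '.' + ext), else None.

    Paths are compared case-insensitively, as NTFS does by default. A tail that
    contains a path separator or a further dot is not a single appended extension.
    """
    s, d = src.lower(), dst.lower()
    if not d.startswith(s + "."):
        return None
    ext = d[len(s) + 1:]
    if not ext or "\\" in ext or "/" in ext or "." in ext:
        return None
    return ext


def mass_rename_report(events: Iterable[Tuple[str, str]], threshold: int = 100) -> Dict[str, int]:
    """Count distinct source files per appended extension and keep those at or
    above `threshold`. `events` is an iterable of (source_path, destination_path).
    The threshold is an assumption for this example, not a value from the report."""
    seen: Dict[str, Set[str]] = {}
    for src, dst in events:
        ext = added_extension(src, dst)
        if ext is None:
            continue
        seen.setdefault(ext, set()).add(src.lower())
    return {ext: len(files) for ext, files in seen.items() if len(files) >= threshold}


def match_report_hash(data: bytes) -> Optional[str]:
    """Return the report's label for a file whose SHA-256 is listed above, else None."""
    return REPORT_SHA256.get(hashlib.sha256(data).hexdigest())


def constructed_events() -> List[Tuple[str, str]]:
    """Constructed rename log: 150 documents renamed with a '.locked' suffix
    (hypothetical extension), one ordinary rename, and two '.bak' backups."""
    events = []
    for i in range(150):
        src = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append((src, src + ".locked"))
    events.append((r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes_old.txt"))
    events.append((r"C:\Users\Admin\Desktop\a.cfg", r"C:\Users\Admin\Desktop\a.cfg.bak"))
    events.append((r"C:\Users\Admin\Desktop\b.cfg", r"C:\Users\Admin\Desktop\b.cfg.bak"))
    return events


if __name__ == "__main__":
    hits = mass_rename_report(constructed_events())
    for ext, count in hits.items():
        print(f"{count} distinct files renamed with added extension .{ext}")
```

Run against the constructed log, only the `.locked` group clears the threshold; the two `.bak` renames are ignored at the default threshold and only show up if it is lowered, which is the trade-off to tune when applying this to real file-system telemetry.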

Processes

  • C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe"
    PID: 664
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

    Filesize

    83KB

    MD5

    e2203197767e1308a14aa12e783848c3

    SHA1

    a21ed7eaeeb7638a4375ac536130f83b6820ccd8

    SHA256

    b0deacad61cb4c44fd671bd9ce19feceb6a14b0f387054e7cf076230e8a92ddb

    SHA512

    6ab59cd8cc9cd62f189e31db4553482eed15b053d06c819f4c0033650b146aff7be97cf5862b0cc48e74483f49e2398c9ad3ed30df4d55b1e44eb97d8a7e1c2b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    181KB

    MD5

    6f3d68c50cd2317cc626eb8dc5be77c8

    SHA1

    7b14c2b2c92566c5c711dd9d9b3084facbcdf263

    SHA256

    9576a9232be728dedd96b22cbfe6a66e2786b5d9e9465d57e05961129335ecfb

    SHA512

    94d4e015fd381a646cef2b989e97c364c42428e7c18c849183e9fbc0ec3c41a04a9fa36bafd10e6d5134ea5bf1cdd5ce0b2f1de29eb975e7f53b1a1f12512596