Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 23:44

General

  • Target

    7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe

  • Size

    59KB

  • MD5

    aa6431565f4dcbffc10f4686771ccf34

  • SHA1

    cd61034af1b6c8371ca70101e97587e5dbe6fcde

  • SHA256

    7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa

  • SHA512

    ef7286d9cf2d6a448f00ff04e35682036686ccc692395262a82277c3cc865367fc0fd867fc847904f1f277527f4c23a0c452899ce7650cc42648163b384020b2

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Iz:KQSohsUsWU9BK3z

Score
9/10

Malware Config

Signatures

  • Renames multiple (5271) files with added filename extension

    Appending a new extension to thousands of files in a single run is the file-system footprint of ransomware encrypting everything the process can reach.

  • UPX dump on OEP (original entry point) 4 IoCs

    The sandbox dumps the image once execution reaches the unpacked code's original entry point; the 40KB memory dumps listed under Downloads (0x400000-0x40A000, the module's image region) are where that unpacked code would be examined.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
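The two UPX signatures above rest on cheap static tells, and the hash set under General is what a responder recomputes before trusting any local copy of the sample. The following Python is an added example, not part of the sandbox report or its tooling: it recomputes MD5/SHA-1/SHA-256/SHA-512 for a buffer, reports which digests disagree with the report's values, and parses the PE section table for UPX0/UPX1 names plus the `UPX!` marker. The `build_pe` helper constructs a headers-only PE32 image purely as offline test data; the sample itself is not reproduced here.

```python
"""Added example (not from the sandbox report): static triage of a PE buffer,
recomputing the hash set shown under General and checking for UPX packing the
way the 'UPX packed file' signature does, via section names and the UPX! marker."""
import hashlib
import struct

# Report values for the submitted sample, copied from the General section.
REPORT_HASHES = {
    "md5": "aa6431565f4dcbffc10f4686771ccf34",
    "sha1": "cd61034af1b6c8371ca70101e97587e5dbe6fcde",
    "sha256": "7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa",
}


def hash_set(data):
    """MD5/SHA-1/SHA-256/SHA-512 hex digests of a byte buffer."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data, expected):
    """Names of algorithms whose digest of `data` differs from `expected`;
    an empty list means the local file is the one the report describes."""
    computed = hash_set(data)
    return sorted(alg for alg, hx in expected.items()
                  if computed.get(alg) != hx.lower())


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError on anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size            # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Cheap UPX tells: UPX0/UPX1/UPX2 section names and the 'UPX!' marker.
    Both are trivially renamed or stripped in a modified UPX build, so a miss
    here does not prove the file is unpacked; a hit is still a reliable positive."""
    hits = [n for n in pe_section_names(data) if n.upper().startswith("UPX")]
    if b"UPX!" in data:
        hits.append("UPX! marker")
    return hits


def build_pe(section_names, tail=b""):
    """Constructed minimal PE32 image (headers only) for offline testing; it is
    not the sample from the report and does not run."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(0xE0)                      # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)      # Magic = PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + tail


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"], tail=b"...UPX!...")
    print("indicators:", upx_indicators(packed))
    print("mismatches vs report:", hash_mismatches(packed, REPORT_HASHES))
```

Run against a real file, `hash_mismatches(open(path, "rb").read(), REPORT_HASHES)` returning an empty list is the confirmation that the bytes on disk are the submitted sample; the UPX check is a fast positive indicator, and an empty result only means the default section names and marker are absent, which is exactly what a modified packer would arrange.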

Processes

  • C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe
    "C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe"
    • Drops file in Program Files directory
    PID:3552

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    ebe97b029c3288e24c2a0d5114ccaf5f

    SHA1

    7ad8700137776cb5d1b958055486f0ba4a7728d8

    SHA256

    b399af7ac00118a9247f8c19cd606844e43a455916306e21f423a7663b03d37c

    SHA512

    36a35691d4d9c3bf8928a255f3ff0306b99601a804e52f722f7453dee693601bc1a3c748c74fa2ee642d5da62c96393405ecdef280747fad058f54d7ec19abc7

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    158KB

    MD5

    9fdaa42c95de610154c8e9d64e07cb45

    SHA1

    a6d0c525510475ae3fa07b3bb78f4a8db793ce81

    SHA256

    81835c3e30bd9978ab9a2ecc3a0e8a3f40c5ca8cbbf00f7a7014ad4a0165fc70

    SHA512

    ce355d8b9c4babce118931d1255ca66d4523abc294a404e823ef1ce1fc66049eed83c25443ed00dbf8786220cbbacd8d792700f9095b1f150dc4e75214e6e1e2

  • memory/3552-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3552-1214-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB