Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 00:05

General

  • Target

    834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29.exe

  • Size

    88KB

  • MD5

    02c98e9994340f35b2c8bf964120e92a

  • SHA1

    060a5101476f37ef4c6f67ac05a5d25b019d34e1

  • SHA256

    834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29

  • SHA512

    3170e25d86cb7a0e271691acd73ea5c74e16a756d95e1ba1ffbd5321d4a40cb8bb6ac8f60d1770f2154b04e4265bbbb0f5bb7260f352798f711b56726c17451b

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/80PqPXW:6DWpwE7oL2e+efZwZ08i84

Score
9/10

Malware Config

Signatures

  • Renames multiple (3500) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29.exe
    "C:\Users\Admin\AppData\Local\Temp\834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29.exe"
    • Drops file in Program Files directory
    PID:1728

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

    Filesize

    88KB

    MD5

    191507a30c2d8a7eecdc8c5a947308da

    SHA1

    158ea8d0997517879324e9161a5c43125be16367

    SHA256

    5aee58bdaaa33bec610faad5ffc415a3df0401a3a7ea8d3bdbbfef7c5233bc34

    SHA512

    7f43df5aab322a251f190642bf4f641ed1626758303100cd7c0306d2151df77716e4f9510852e290f21c15899c63eb2f056f676f6d1a23ccb5db1a709de813a0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    97KB

    MD5

    0ea3d85dfa933aff4dc0fafbc725b089

    SHA1

    137619c9425512a519392fa5f8b30c65a4a05610

    SHA256

    b600973d9f9d3c9b22426c0910876a901108cbbc5f95836c1714dded034ced9c

    SHA512

    344758b020210d4a97f55a745ddb28b343a457f54988e893e119276fd2950898cc14076a8dfc74ed82255b54dbdc418e20a7ecb43385792d3132fd0f76cf769c