Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 00:05

General

  • Target

    834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29.exe

  • Size

    88KB

  • MD5

    02c98e9994340f35b2c8bf964120e92a

  • SHA1

    060a5101476f37ef4c6f67ac05a5d25b019d34e1

  • SHA256

    834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29

  • SHA512

    3170e25d86cb7a0e271691acd73ea5c74e16a756d95e1ba1ffbd5321d4a40cb8bb6ac8f60d1770f2154b04e4265bbbb0f5bb7260f352798f711b56726c17451b

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/80PqPXW:6DWpwE7oL2e+efZwZ08i84

Score
9/10

Malware Config

Signatures

  • Renames multiple (5200) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29.exe
    "C:\Users\Admin\AppData\Local\Temp\834e747d112c36d6d7fa2d49792534b0a4f4078c1a69905e8e82a1a557f2cc29.exe"
    • Drops file in Program Files directory
    PID:1240

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    88KB

    MD5

    be3d8129d1d74244139fc397f1b282bf

    SHA1

    6b3e72039f7ad41b908925ac731e27f5821997e0

    SHA256

    09da2edbeca02b4202f61f7ac2286111729158a1d27d177c52aa99d4bbb37d46

    SHA512

    6d7187421378fd5e1e2f15f7649a7e35aafe2c565e6345ffc4f2b2dd3c70495881f8a21ee47f9f2b41114a80c9ab919851d1a7f6292a9a8cfa33d6ab755d363a

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    187KB

    MD5

    ccd17543f8be6dc24118a07156c422e6

    SHA1

    4a3701f409a2585d45b0aecf5f08ddf74e1a95b2

    SHA256

    8e8c36336833b703e746c10fb1ce17d6abf3af3fc9879e3e524218f5e895f6c4

    SHA512

    7513182e16ac8171405a6f83a181f93218ece022c0bedd3f72d8b981f077b1a97fe55a8e913aec1da6da67617683e4ef75d04f2671f3d4ff405e5587df8e7417