Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:36

General

  • Target

    a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe

  • Size

    92KB

  • MD5

    4612de26fb930a321b0ab8c2365445fa

  • SHA1

    b783563db3dd7301b77433928cf542c33463ec4f

  • SHA256

    a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b

  • SHA512

    dfa59052dcd67bd878153ccb0f139cda0f4a1d7bd7d03f522458b17bb11c8e44a08d45b4e479add92bb940a136eb55d8ba5d67049f773089571839eb0a7697d2

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IBi/:fnyiQSohsUsWU9BK3BW

Score
9/10

Malware Config

Signatures

  • Renames multiple (3459) files with added filename extension

    This pattern is consistent with ransomware encrypting files across the system and appending a new extension to each one.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
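
Two of the signatures above, the mass rename with an appended extension and the UPX packing check, are simple enough to reimplement and are worth understanding when triaging a report like this. The following is an added example, not code from the sandbox report or its detection engine. The PE image and the file-operation trace are constructed inline for illustration; the UPX section names, the "UPX!" marker string and the rename threshold of 3 are assumptions the example relies on, and the real signature's exact logic is not known from the page.

```python
import struct

# IMAGE_SECTION_HEADER, 40 bytes: Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations,
# PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
SECTION_SIZE = struct.calcsize(SECTION_FMT)  # 40

# Assumption: section names produced by stock and lightly modified UPX builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def parse_sections(data: bytes):
    """Walk the PE section table without any third-party library."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sec_off = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, data, sec_off + i * SECTION_SIZE)
        sections.append({"name": f[0].rstrip(b"\0"), "virtual_size": f[1], "raw_size": f[3]})
    return sections


def upx_indicators(data: bytes):
    """Return the list of UPX-style packing indicators found in a PE image."""
    sections = parse_sections(data)
    hits = []
    if any(s["name"] in UPX_SECTION_NAMES for s in sections):
        hits.append("upx_section_names")
    # UPX0 is the region the unpacked image is written into at runtime:
    # large VirtualSize, but zero bytes backing it on disk.
    for s in sections:
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append("zero_raw_section:" + s["name"].decode(errors="replace"))
    if b"UPX!" in data:  # assumption: the packer's header marker string
        hits.append("upx_magic_string")
    return hits


def build_pe(section_specs):
    """Construct a minimal headers-only PE32 byte string for testing (constructed data)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size; its contents do not matter for the section walk
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    body = b""
    for name, vsize, rsize in section_specs:
        body += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, 0x1000,
                            rsize, 0x400, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + bytes(opt_size) + body


# Constructed samples: a UPX-shaped layout and an ordinary compiler layout.
UPX_LIKE = build_pe([(b"UPX0", 0x6000, 0), (b"UPX1", 0x2000, 0x1E00), (b".rsrc", 0x1000, 0x400)]) + b"UPX!"
PLAIN = build_pe([(b".text", 0x2000, 0x2000), (b".data", 0x400, 0x200), (b".rsrc", 0x400, 0x200)])

# Constructed file-operation trace in the sandbox's style: (pid, op, old_path, new_path).
TRACE = [
    (1232, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (1232, "rename", r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (1232, "rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    (700, "rename", r"C:\Temp\report.docx.tmp", r"C:\Temp\report.docx"),  # benign save-via-temp: extension removed
    (1232, "create", "", r"C:\Program Files\readme.txt"),
]


def added_extension_renames(trace, threshold=3):
    """Count, per process, renames that keep the old name and append exactly one new extension."""
    counts = {}
    for pid, op, old, new in trace:
        if op != "rename":
            continue
        if new.startswith(old + ".") and "." not in new[len(old) + 1:]:
            counts[pid] = counts.get(pid, 0) + 1
    return {pid: n for pid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("UPX-like:", upx_indicators(UPX_LIKE))
    print("plain:   ", upx_indicators(PLAIN))
    print("mass rename:", added_extension_renames(TRACE))
```

The rename heuristic deliberately ignores renames that strip an extension (the common save-to-temp-then-rename pattern) so that editors and installers do not trip it; the sandbox's own threshold is far higher than 3, as the count of 3459 in the signature above shows.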

Processes

  • C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe
    "C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe"
    • Drops file in Program Files directory
    PID:1232

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    92KB

    MD5

    485b45c1c0b2c36f963a9485b7d0bf70

    SHA1

    99c1eebef5238befe6d23d63de0a717dfc53c6cd

    SHA256

    05b3c6d65e4b7416e8ee96ca13732e81913b01602d20e0b825b9ca6e737f91b3

    SHA512

    38bb6e597bc3e24e044c87b870329265ece1365532497dcd51941dd3334583af858f38885f0eb13e6e6d701ef58a976aad26505b1b6f4c4c6a8272f49ad719f2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    101KB

    MD5

    5c1bca18139a6a7b721b2237b88176ac

    SHA1

    483b2ba04be6b7d2e9d67d8e9541288f7a601934

    SHA256

    8f663dfa786dd7c5195196c96c940ffdeb00febf49c005c4b901270d443f6a5e

    SHA512

    e35695f8412aa3de400eb174f9f9c3dc1d3b8799f936b4c11061a72319cd201a36afea6e59e09b4c8951d3c9d88953520fb6b614f8c25d5e88df8a06ef2c59e6

  • memory/1232-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1232-646-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB