Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:40

General

  • Target

    a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe

  • Size

    85KB

  • MD5

    02b78a00c3b0e1fc1451c31e07dcde3d

  • SHA1

    cde2662b56b1a877897618b5f77dced2e0472f0d

  • SHA256

    a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90

  • SHA512

    4b0b1e1704843e2ec8882cd0c3e287c5057db1cd1381373a003169cc3b5a357f7636c0b3d12ae0987bd0d756249b3915b43a3367998a8f562beff291b475edf9

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Id+W+o:fnyiQSohsUsWU9BK3R

Score
9/10

Malware Config

Signatures

  • Renames multiple (5089) files with added filename extension

    Thousands of existing files renamed to their original name plus an extra extension is the on-disk pattern of ransomware encrypting files across the system; only two of the written artifacts are listed under Downloads below.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer (section names, the UPX marker, or the characteristic section layout).

  • Drops file in Program Files directory 64 IoCs
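The "renames multiple files with added filename extension" signature is a counting heuristic over the sandbox's file-system trace. The following is an added example, not Triage's own detector: it takes rename events as (old path, new path) pairs, keeps only renames that stay in the same folder and append a dot-led suffix to the original name, counts distinct files per appended extension, and flags when a single extension crosses a threshold. The event list and the ".locked" extension are constructed for the example; the report does not say which extension this sample appends, and the threshold is set far below the 5089 seen here so the constructed data triggers it.

```python
from collections import Counter
import ntpath

# Constructed rename events (old_path, new_path) standing in for the sandbox's
# file-system trace. The ".locked" extension is hypothetical; the report does not
# state which extension the sample appends.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Pictures\a.jpg",        r"C:\Users\Admin\Pictures\a.jpg.locked"),
    (r"C:\Users\Admin\Pictures\b.jpg",        r"C:\Users\Admin\Pictures\b.jpg.locked"),
    (r"C:\Program Files\7-Zip\7-zip.dll",     r"C:\Program Files\7-Zip\7-zip.dll.locked"),
    # Benign renames that must not count: extension replaced, and a move between folders.
    (r"C:\Users\Admin\Documents\draft.tmp",   r"C:\Users\Admin\Documents\draft.docx"),
    (r"C:\Users\Admin\Downloads\x.zip",       r"C:\Users\Admin\Desktop\x.zip"),
    # Duplicate event for a file that was already counted.
    (r"C:\Users\Admin\Pictures\a.jpg",        r"C:\Users\Admin\Pictures\a.jpg.locked"),
]


def appended_extension(old_path, new_path):
    """Return the suffix appended to the file name, or None when the rename is
    not 'same folder, same name, plus an extra dot-led extension'."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None                      # moved elsewhere, not an in-place rename
    if not new_name.startswith(old_name) or len(new_name) <= len(old_name):
        return None                      # name replaced or shortened, not extended
    suffix = new_name[len(old_name):]
    if not suffix.startswith(".") or len(suffix) < 2:
        return None                      # "report.docx" -> "report.docx2" is not an extension
    return suffix.lower()


def summarize_renames(events):
    """Count distinct source files per appended extension (Windows paths are
    case-insensitive, so dedupe on the normalised old path)."""
    seen = set()
    counts = Counter()
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        key = ntpath.normcase(old)
        if key in seen:
            continue
        seen.add(key)
        counts[ext] += 1
    return counts


def ransomware_suspect(events, threshold=3):
    """Extensions appended to at least `threshold` distinct files. The sandbox
    signature fired on 5089 files; the low default is for the constructed data."""
    return {ext: n for ext, n in summarize_renames(events).items() if n >= threshold}


if __name__ == "__main__":
    print(summarize_renames(SAMPLE_EVENTS))
    print(ransomware_suspect(SAMPLE_EVENTS))
```

The same-folder check matters in practice: a user dragging files into an archive folder or a backup tool moving them should not feed the counter, while an encryptor that rewrites files in place does.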
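The two UPX signatures above rest on static features of the PE header. As an added example (not Triage's own rule, and not derived from this sample's bytes), the following parses the section table of a PE file and reports three independent indicators: section names starting with "UPX", the "UPX!" marker string, and the layout a modified UPX build usually keeps even after renaming sections, namely a first section with no raw data but a large, writable and executable virtual range (the unpack destination) followed by a section that does carry raw data. The PE images are constructed in memory by a small builder so the example runs offline; the section sizes, addresses and characteristics are illustrative values, not taken from the report.

```python
import struct

# Section characteristics flags from the PE specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_FMT = "<8sIIIIIIHHI"          # 40-byte IMAGE_SECTION_HEADER


def build_pe(sections, trailer=b""):
    """Construct a minimal PE32 image (test fixture only, not a loadable binary).
    sections: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    table = b"".join(
        struct.pack(SECTION_FMT, name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in sections
    )
    return dos + b"PE\0\0" + coff + opt + table + trailer


def parse_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virt_size": vsize, "virt_addr": vaddr,
            "raw_size": rawsize, "raw_ptr": rawptr, "chars": chars,
        })
    return sections


def upx_indicators(data):
    """Return the list of UPX indicators present, in a fixed order."""
    secs = parse_sections(data)
    found = []
    if any(s["name"].startswith("UPX") for s in secs):
        found.append("upx_section_names")
    if b"UPX!" in data:
        found.append("upx_marker")
    if len(secs) >= 2:
        s0, s1 = secs[0], secs[1]
        if (s0["raw_size"] == 0 and s0["virt_size"] > 0
                and s0["chars"] & IMAGE_SCN_MEM_EXECUTE and s0["chars"] & IMAGE_SCN_MEM_WRITE
                and s1["raw_size"] > 0 and s1["chars"] & IMAGE_SCN_MEM_EXECUTE):
            found.append("upx_like_layout")
    return found


# Constructed fixtures: stock UPX names plus marker, a renamed-section variant, and a plain binary.
PACKED = build_pe([
    (b"UPX0", 0x10000, 0x1000, 0, 0, 0xE0000080),
    (b"UPX1", 0x8000, 0x11000, 0x7800, 0x400, 0xE0000040),
    (b".rsrc", 0x1000, 0x19000, 0x400, 0x7C00, 0xC0000040),
], trailer=b"UPX!")
RENAMED = build_pe([
    (b".text", 0x10000, 0x1000, 0, 0, 0xE0000080),
    (b".data", 0x8000, 0x11000, 0x7800, 0x400, 0xE0000040),
])
BENIGN = build_pe([
    (b".text", 0x2000, 0x1000, 0x2000, 0x400, 0x60000020),
    (b".data", 0x1000, 0x3000, 0x200, 0x2400, 0xC0000040),
])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, upx_indicators(img))
```

Names and the marker are trivial for an attacker to strip, which is why the layout check is worth keeping: it is what still fires on the "modified UPX" case the signature text mentions. Run it on a real file with `upx_indicators(open(path, "rb").read())`.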

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe
    "C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4948

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

    Filesize

    86KB

    MD5

    e2a934230f596579b8c36375935f1141

    SHA1

    88bf16e8f52d7c5fb349424b26a96e401c36f964

    SHA256

    0e1594084a1b5ccab7e81b325a6fa63e40cc86e91c6203214bbe4bf20424a41c

    SHA512

    7891d51ec74b63eb593a992e14b8acd3f91a11442edfbc1afc24165ddd05ce406d21599dfbabfffbe4f937ecac62134ab964006940d1ce211fc3d17cd2237686

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    184KB

    MD5

    f9c496b348e9ed4d16e2ecf3698dfbe3

    SHA1

    de7f435f4c964978675d68163c3f7d47e41216fb

    SHA256

    0cf7fe9c75061bd70bb8a10eed002f4b121bbe5682dd12d659bef19c50684a36

    SHA512

    4f112d10a8acf5604b341945f5f9cab635e15eeb5ec7aa04b746ea1b58b505325cea8fa9285753b594822cb66a195153161ba7e7eb60998b87c2a123fd552762

  • memory/4948-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4948-1886-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB