Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:21

General

  • Target

    a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe

  • Size

    75KB

  • MD5

    dc851ba2d43f319a168415ef63dc7803

  • SHA1

    c874ee2fcf32d53f33220519dd08cca261485545

  • SHA256

    a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254

  • SHA512

    ff54fabdf2d68f713c3174ace92c55596e2955517eb1394a220657317ee477eafdaf8f7f2e1d7c0a6e9eb895b53373556dd260f0d4db83d3055b82d5efed647e

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHq:W7ZDpApYbWjIlE77ufL2e+efZwZ2U

Score
9/10

Malware Config

Signatures

  • Renames multiple (3514) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe"
    • Drops file in Program Files directory
    PID: 2756

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

    Filesize

    76KB

    MD5

    9989336ae42f1306418490f7f65fb0e4

    SHA1

    8b8f1cc8de34a3237826fe6f458c3e7e11f5103c

    SHA256

    3a96aff912faa8220c94eafa030c33f2f2d5d26dc9c4cac8a23b6bac461be4a9

    SHA512

    3ac63189ce7461f9210681bdafcc2232a9a99cfdd3b37fca4d8509e9fd9351d97b73535ca9415fbb5164116938844675d73b995fb3b7799d6ae6ae0c53ad4b56

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    85KB

    MD5

    fdacd6933b3ddb5303b06b95a6750f48

    SHA1

    17593f0a495baea406dda0f9af1406a691b3c294

    SHA256

    d23cc222db531e2e3bb3c3534322a59d883159cb2ba5fb428524491f417afd27

    SHA512

    c451a8dba78e966e928ca4844442a6155f4f8a1bf2306bdabcd3bbd1872b33c0415ce86893cbc9cf3e3599062c288376d05db45712295fc7494cb1a4d57735c3