Analysis

  • max time kernel
    150s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:21

General

  • Target

    a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe

  • Size

    75KB

  • MD5

    dc851ba2d43f319a168415ef63dc7803

  • SHA1

    c874ee2fcf32d53f33220519dd08cca261485545

  • SHA256

    a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254

  • SHA512

    ff54fabdf2d68f713c3174ace92c55596e2955517eb1394a220657317ee477eafdaf8f7f2e1d7c0a6e9eb895b53373556dd260f0d4db83d3055b82d5efed647e

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHq:W7ZDpApYbWjIlE77ufL2e+efZwZ2U

Score
9/10

Malware Config

Signatures

  • Renames multiple (5073) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe"
    PID: 4400
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

    Filesize

    76KB

    MD5

    b7ad92d380376c8653f4b592c24e2bec

    SHA1

    7f9c41fe94f7b3ba95c9efad030b214e0999ba51

    SHA256

    c1f713e8056762f698ffdb650c1f7c6cc24216823ca94edb99bccde8d1061870

    SHA512

    486ebf836305f1df6c0276ae11b404bbd4ddc558a839f5806c6b64a02d4b523cbcdb1fd9764cdf436d8cb898fb05d64c3e544e8d3cba45e8d71406bf41079616

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    175KB

    MD5

    670415fdb4789edcdf4fc9f8344cadbb

    SHA1

    b6b8e84a4faf9c85dd2492f752e122808ad83f06

    SHA256

    84e238a7361d5036515f1b4f8739b116f8e228e32401cead823cae22dcda2fce

    SHA512

    81b53e2ca8b29932c24b5bbce92ce74a4a2e710baab5bd20a873181579d7f2f16811859f187d4ecdd05787c59bafab7a86dc18c45cd1652e914f7ba4e49543a2