Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:28

General

  • Target

    a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe

  • Size

    98KB

  • MD5

    cd9f2391e7770809e85392db6c3645f0

  • SHA1

    b400e04c6d056a46faeac733cec58f96f5dbfaff

  • SHA256

    a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a

  • SHA512

    f4a8445cdacbac04143ef8081d5337fc73de3a53a276dcb705b8b431c856a7c69026c4bcf28beb2243df085a8298cc8dfd11aefdffa97c089a6621583bb7248d

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuyxX5rQul8:enaym3AIuZAIuyxJrQul8

Score
9/10

Signatures

  • Renames multiple (4855) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and renamed.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe
    "C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe"
    • Drops file in Program Files directory
    PID:3104

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

    Filesize

    98KB

    MD5

    830a6e18f441e49668c188691207dbcf

    SHA1

    44d9ad31ebd9269cab413bcd1c675b68a0c2f35c

    SHA256

    05cd8c23722dbd23a2735ab5dde2e9c2bdbd2bda40e7455e187d1d95da3075fc

    SHA512

    b53c267ef2ef73ad768a322b47a3d4262fb53430793a6b4b841aa39dd1aa468d0c32269c1c06fa2f532fd709b326bac08f5f8002d590a78aff8b8934cd6f8f38

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    197KB

    MD5

    65e9d9192ea45d572e3f7f5ab88af32c

    SHA1

    2dc6636a1cbf5486c51b5bbe45411e74fef1cc14

    SHA256

    adae6e8f93e04de2d275973d47f9f7eac4bbe9706fd7ddf0c469824c5539a812

    SHA512

    b3d86143319cbd84d2b365ef5cc56f3964762e88ca6385664c5ac96fa6e4483cad593301b1d835dfd802e64bf8d3b8b2b4cff24855e9bed1a6b024b7f1006c7f

  • memory/3104-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3104-1778-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB