Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:30

General

  • Target

    a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe

  • Size

    81KB

  • MD5

    497c7c5ea397a56d968144b98fa980ba

  • SHA1

    c4a02b353c9eee4496a7f91832c8eb8b35e2ff8b

  • SHA256

    a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4

  • SHA512

    c8ee7e1c8114b60765437b707ec48f5cc5ea6ef05318f547f2ed841c6f9f1785048d519cc64271f604b68bf036522beb07bee284499ec15a356561f53c7c651b

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Ip:fnyiQSohsUsWU9BK3p

Score
9/10

Malware Config

Signatures

  • Renames multiple (517) files with added filename extension

    This is consistent with ransomware behaviour: files across the system are rewritten and each renamed copy gets an extra extension appended to its original name.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
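The rename signature above counts file-rename events whose new name is the old name plus one extra extension. The following is an added example of that heuristic, not code from the sandbox or from the sample; the rename events, the `.locked` extension and the alert threshold are constructed for illustration (the report states the count, 517, but not which extension was appended).

```python
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of (old path, new path) rename events. Not taken from the
# report; the real trace contains 517 qualifying renames.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.locked"),
    (r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    (r"C:\Users\Admin\Desktop\report.docx", r"C:\Users\Admin\Desktop\report.docx.locked"),
    # benign rename: the extension is replaced, nothing is appended
    (r"C:\Users\Admin\Desktop\draft.txt", r"C:\Users\Admin\Desktop\draft.md"),
    # benign: same name moved to another directory
    (r"C:\Users\Admin\Desktop\a.pdf", r"C:\Users\Admin\Documents\a.pdf"),
    # temp-file pattern like the desktop.ini.tmp entry in the Downloads list
    (r"C:\Users\Admin\Desktop\desktop.ini", r"C:\Users\Admin\Desktop\desktop.ini.tmp"),
]


def appended_extension(old, new):
    """Return the extension appended to `old` to produce `new`, or None.

    A rename only qualifies when it stays in the same directory, keeps the
    whole original file name and adds exactly one trailing ".ext".
    PureWindowsPath compares case-insensitively, as NTFS does.
    """
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent:
        return None
    if not n.name.lower().startswith(o.name.lower()):
        return None
    suffix = n.name[len(o.name):]
    if len(suffix) < 2 or not suffix.startswith(".") or "." in suffix[1:]:
        return None
    return suffix.lower()


def detect_mass_rename(events, threshold=50):
    """Count appended-extension renames per extension and flag the dominant one.

    `threshold` is an assumed tuning value; a real signature would pick it
    from a baseline of benign activity on the monitored host.
    Returns None when no rename appended an extension.
    """
    counts = Counter()
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            counts[ext] += 1
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return {"extension": ext, "count": n, "hit": n >= threshold}


if __name__ == "__main__":
    print(detect_mass_rename(SAMPLE_EVENTS, threshold=3))
```

Grouping by the appended extension rather than counting every rename matters in practice: a single run of the packer-style `.tmp` renames that the sandbox also logged would otherwise inflate the count, while the encrypted-file extension stands out on its own.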

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe"
    PID: 1720
    • Drops file in Program Files directory

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

    Filesize

    81KB

    MD5

    c51262e8b9546dd46f18e2655c7876a1

    SHA1

    0ed00e778d8e22996bd264548b167ae63d760dc2

    SHA256

    0ef28376b5707f6a112881dd9fb9cd356dec467381802ee634f4d99d631e3315

    SHA512

    a915b86923a6a78d0e5de93529e5d830cee96aadc19ea5d1652b09a772196e3bca48bda31d1093ff6f80f3d288c63f567d4934460bde4bbda2316fead2901d75

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    90KB

    MD5

    d803040f37b315b52622c01094ae4e19

    SHA1

    18b2e8ae2dbf7984866a63d50968373fae4b9f2b

    SHA256

    9dc9f1aba1aa996145b248ae26fe4ea90e673468a9f8400a06e3b8720bfcf04d

    SHA512

    ba5ae87a4745d29611ccc9b490ceef425fe7de4e7569c1da409b2eee8d4d5bfbd9fe3709144959d1f89edc2fd7a5dfc1b5cc33b606d9c2d0f9abfd43cc2455e4

  • memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1720-62-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB