Analysis

  • max time kernel
    149s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:30

General

  • Target

    a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe

  • Size

    81KB

  • MD5

    497c7c5ea397a56d968144b98fa980ba

  • SHA1

    c4a02b353c9eee4496a7f91832c8eb8b35e2ff8b

  • SHA256

    a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4

  • SHA512

    c8ee7e1c8114b60765437b707ec48f5cc5ea6ef05318f547f2ed841c6f9f1785048d519cc64271f604b68bf036522beb07bee284499ec15a356561f53c7c651b

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Ip:fnyiQSohsUsWU9BK3p

Score
9/10

Malware Config

Signatures

  • Renames multiple (5015) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe
    "C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe"
    • Drops file in Program Files directory
    PID:1052

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

    Filesize

    81KB

    MD5

    92cd072699e092ea8f956ea384848b06

    SHA1

    ebeae3bb35c34ebaa86ba2e37b654ddf44681ce7

    SHA256

    8e1129f1edffd75238d796449c93f66ebe41c5862a7e3138bb1c80493d50489b

    SHA512

    4869273bcc520916e8b1cb7dc9c319b9bad789c0aaca91dd75885c08bf78d1a871d809f83a40874de6535e1c143b5472cf76f959d9bd1355d7ae52cfad22fd89

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    180KB

    MD5

    7d91bb1c1d4384ad995b2b62cb1e1425

    SHA1

    efad0fe4cc89356902f1e551f93cb92987dea778

    SHA256

    d01cec12edd43d75ad3b43dc1994e71725bc6c5a2978e393ed0292bbe688adc5

    SHA512

    f254726a21330eb58c3611b8f5fbf0b2a32a7706ee1b2add60e9afe7d0022e42b43a754ea1f5a8c152944da627489ec1c90fb647354ac83f03bc731163693ebf

  • memory/1052-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1052-1778-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB