Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:32

General

  • Target

    a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe

  • Size

    49KB

  • MD5

    20909b6f7ba51725641fc37ced33b937

  • SHA1

    84368e9123247401a9ae2679f34ca78003b3085e

  • SHA256

    a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436

  • SHA512

    665094cf375e68e078cd8426a29aa3d438c07e9b89f83bbbbb74930785da4b420449e342e581cc691c1adb254d840812a64e98a302dc4911093585541484dbb3

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcHY1YL:/7ZQpApze+eJfFpsJOfFpsJk

Score
9/10

Malware Config

Signatures

  • Renames multiple (5341) files with added filename extension

    This suggests ransomware activity, i.e. encryption of all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe
    "C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe"
    • Drops file in Program Files directory
    PID:1924

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    49KB

    MD5

    040a6e92897bad730ae6c9437741dcef

    SHA1

    64d5b9ef676311803e7ca63e7ac8249fcd2cb9c4

    SHA256

    991be8807a4f7cd6bc6d7c86ea0e79e8ee9d74ac2b8ffeacb0056a9c301521a8

    SHA512

    7f024e9e83563580052a40d8a97f0d666fff2d5d2937cdaa8fb5344bd3ea6e07a1dedb9c9ea4db939347855c531f0da1479c13aaab02f26b3b72f0725713e60d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    148KB

    MD5

    508d12fb836e2eadfd3c9a52cd6b0b3b

    SHA1

    6479f08b74d69b229c987db2189226a0d465c902

    SHA256

    b81cdf4cebe9adabf2227863682b6af76becc375d21e3d1a6a188c428cc68ce0

    SHA512

    0eb6aa50e7f035ff20926bf93798a13e6d0b84af65926ca4b88ae98a48017928a7937267834ebdace390c6c64c558469f125f1861bde63a2ebb5e7ef02ffd177

  • memory/1924-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1924-2004-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB