Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 01:34

General

  • Target

    a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe

  • Size

    70KB

  • MD5

    c0e1d53a01772865c234c448088f0c8f

  • SHA1

    8eae885b8636979c5370d79cb4cfcbd73442e6db

  • SHA256

    a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916

  • SHA512

    08e35cb943631079893667e2aa9e7824e34ae2fab8b0a4a9ce712565f035f6dd03ea0570df7c7131cdec623c9b6246a065fcda017e45dbbec7ef024b491299a5

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx9R:fnyiQSou

Score
9/10

Malware Config

Signatures

  • Renames multiple (5247) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe
    "C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe"
    • Drops file in Program Files directory
    PID:1856
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
    PID:4676

    Network

    MITRE ATT&CK Matrix


    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

      Filesize

      70KB

      MD5

      f06955cdefef7ce1a69f356323f91f1c

      SHA1

      98aef74fb17252cab61f03fcef0197da4c61b93b

      SHA256

      dca245d4ceea58751b896c48b4e4cbd394c6f49dcdeb3ceb61087a7f5b6a0ab5

      SHA512

      c75c5fb3c0643f7813fcf099f53c5eb533a2183ea0dd7ba6c3429db076e3ff0da8cf15db15b7c76d6f62905c96e01e2c09c885603d3a1c3130487a921193bcbb

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      182KB

      MD5

      292e320a6962250999e8bbac8458bacf

      SHA1

      698c6afbd576970e59e43190831753e5c9760477

      SHA256

      5378050f99532064bcfcfe788f45f2d4e44055f96187dcc44149931410023d44

      SHA512

      b47f5c86fc2eeb6a6abf091ad555b3fd7a09f026b26d7fd677d435f8279d35c872a83f2a7d967337663a854c37c7fdc81bb457e09ad0da5cec8c74d408534b5e

    • memory/1856-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/1856-1970-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB