Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    13-06-2024 01:07

General

  • Target

    0630c1b85fcc9a63d6e9965e7b611640.exe

  • Size

    58KB

  • MD5

    0630c1b85fcc9a63d6e9965e7b611640

  • SHA1

    c0647e9662ad6e39c95cc572ad3620e531518b63

  • SHA256

    e2070116f8e57e7f173dfb09cd7282697dc430bf628383b82f4f4151ae4b47fb

  • SHA512

    5744b32b5a4652f0c0ffc1ce84672db4c77897884063c77acfc57dc0e362a7e64764d79c6e800c9a3f34fd61e5986e96a0559360da48b97d1421d550c0e60a03

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IN:KQSohsUsWU9BK3N

Score
9/10

Malware Config

Signatures

  • Renames multiple (3791) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe"
    PID: 1632
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
    Filesize

    58KB

    MD5

    7f0930b3d09153b7d1ec95a98cf0c44a

    SHA1

    27c5a1010b20b662871c680615e13f858c5a15cf

    SHA256

    91509018c68990235751ace0f9d6b292c6674de5166bb4a26d55febb372b1149

    SHA512

    30bfc2df918bcf33b1d5627e3388145886b251e0c78d30519637549daf840fcdc66bc59b4202dffc7ece264e0206c74c8796b2e6a8ae3c5823ec1f8d3816c656

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    67KB

    MD5

    15cebf4bd1065154de919a18d11e17bc

    SHA1

    933246bb597a2f8c999d033116378c04b45fa6bf

    SHA256

    355d086bcc283d6b0c1a0da58cfd1e4feb6c91b5edd84197db5e50569b545d88

    SHA512

    1c0323e60556a131b73bf5505d735a9dbcfabfca14fdd3b4bc15f6b40652856a599d4b01d883fc1d776ffcbe5e3ca7a7235f7a5453fcc18e0a54970cb7d5cbdc

  • memory/1632-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/1632-86-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB