Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 01:07

General

  • Target

    0630c1b85fcc9a63d6e9965e7b611640.exe

  • Size

    58KB

  • MD5

    0630c1b85fcc9a63d6e9965e7b611640

  • SHA1

    c0647e9662ad6e39c95cc572ad3620e531518b63

  • SHA256

    e2070116f8e57e7f173dfb09cd7282697dc430bf628383b82f4f4151ae4b47fb

  • SHA512

    5744b32b5a4652f0c0ffc1ce84672db4c77897884063c77acfc57dc0e362a7e64764d79c6e800c9a3f34fd61e5986e96a0559360da48b97d1421d550c0e60a03

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IN:KQSohsUsWU9BK3N

Score
9/10

Malware Config

Signatures

  • Renames multiple (5291) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe
    "C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4724

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize

    58KB

    MD5

    f310ea37cf1756caf2c8060cf61d9b75

    SHA1

    2774e9a5c56fb5ce7651f50f1203b51cf2d71702

    SHA256

    00740f374064d6216bc344b55eb9f5ba82e021a9357673a2cd83d950e7bc9e50

    SHA512

    0236cc252c183f9107af6eca3db2db313f37aebc152da3619943f149f1ecf1ad169f25351e3fa598d9abdbe129d0320cc55ebf71b79e3da71357048482aeca6b

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    157KB

    MD5

    1803157c3eb05ade1e762c206a51779a

    SHA1

    38cad08fc2209bd03250d6fd55473f2e78b08d31

    SHA256

    802da5343f1791fb194b753db8a0816376e4a6775b02756aca589a5770972bf0

    SHA512

    00a695f908bfdcb7cfd841c04068969941da6fffa9b16a5f9e01e3a6fd6a080fffdf241848a4546a3eeb7b9804aa088659392f22562896ed381f88c10783fc0d

  • memory/4724-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

  • memory/4724-1122-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB