Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:14

General

  • Target

    065854c707faf010dd871dd4646027c0.exe

  • Size

    78KB

  • MD5

    065854c707faf010dd871dd4646027c0

  • SHA1

    b3b85cf96c7de8194e2a192ee277f1e51735c09d

  • SHA256

    d79ce1a98a73bac7e542c94cd051eb596901bc53c983ad8395d85b7b6acd7101

  • SHA512

    5075e70349b03416918d070e1ee78ab67a5c8cc899cd5be45e794c52177d647aa79a7a16e864368b4ab28424f112ca6d520ad7e0534ebe4aab6571c0763735fe

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh4:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsd

Score
9/10

Malware Config

Signatures

  • Renames multiple (3702) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\065854c707faf010dd871dd4646027c0.exe
    "C:\Users\Admin\AppData\Local\Temp\065854c707faf010dd871dd4646027c0.exe"
    • Drops file in Program Files directory
    PID:2172

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
    Filesize

    78KB

    MD5

    61ec2bbe2cafc6f367dac7e4fe623bec

    SHA1

    dae1d919958102cff52ff90bd62ab50397fcea16

    SHA256

    bf25787a9660d12f56663c51846e45599eda1a8d0ce2ee0a4af05a270e45b91b

    SHA512

    22ea6998fa24b82ad150b4dd49ece406aef9a7f2c7b4c449174ac100b30d0a0c837956400f1d6abde8920492688b0894a6b512c1a247d3047a2d434cda974071

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    87KB

    MD5

    5c7cdd0243b724bb3f86a53d55c8e7b2

    SHA1

    e0f8f57cff8b37091a8124537b2fcfa6081efe41

    SHA256

    4869b75d5a529c461c7ca66881de00e10ee9a0b4d6e4c03ab9da9fa4f8c3ca50

    SHA512

    4ff43573844ae65853ec98bbeba301c85a341a41f61501fe6a72281611bb83215e1f84adce3b26fe8761cb90d1fd530d30aadbf859832d4b84c5f0e17a9cbc41