Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:05

General

  • Target

    cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe

  • Size

    95KB

  • MD5

    fd32aba68ae43140d228a1e255289926

  • SHA1

    b7104e939b5f6a0a9641d6c7c9a62b2f193c083b

  • SHA256

    cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5

  • SHA512

    803ea978e2f50271fb8555b56f2b2f8419db7d468c19647d227912996afce6dcf81d898b3e053930ae35b759d622a3c72dafeeabea0436613f7fe217283e20f8

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNMtnKs6nKs1:6rWpcOPxPke+e3fFpsJOfFpsJbgE4U9

Score
9/10

Signatures

  • Renames multiple (558) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe"
    • Drops file in Program Files directory
    PID: 1564

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
    Filesize: 95KB
    MD5: a81c0cfb245c1222ad89aff34c44cd50
    SHA1: 6feda5ae80d094ad9fcf5d035baf15d6c24e8c11
    SHA256: 5575856595c19359d5cc07536c7499c9d1492c25300214a457bb70507cd67fbe
    SHA512: 79d29cfaab1d34c7d236abefb08bd6bd7068559def031f0ff9001f508b08c2dc9308ff0c6dcf90b4ad6a5e2c0a532418e0388c531bf4c22dbb0f67510b33c104

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 104KB
    MD5: f94f97bbf4e631c26685f8dc2a574075
    SHA1: bdcf5eb5d336ad27ff5a8ba11f71c3d138a93a4f
    SHA256: 4ae67a428ef0ce99c8714018ae2edecd28fdce2617d72e5d62eab3dbd4f18c2c
    SHA512: f73650456ae43ac9aee1dfcf30b83d0043bb9a2cb3c147220b3b5b46d23f8bfd8fff78bf54c53e9417676024c7fa7c5b3d1b9dd4e981c0be7f4a2cacbca28600