Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:05

General

  • Target

    cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe

  • Size

    95KB

  • MD5

    fd32aba68ae43140d228a1e255289926

  • SHA1

    b7104e939b5f6a0a9641d6c7c9a62b2f193c083b

  • SHA256

    cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5

  • SHA512

    803ea978e2f50271fb8555b56f2b2f8419db7d468c19647d227912996afce6dcf81d898b3e053930ae35b759d622a3c72dafeeabea0436613f7fe217283e20f8

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNMtnKs6nKs1:6rWpcOPxPke+e3fFpsJOfFpsJbgE4U9

Score
9/10

Malware Config

Signatures

  • Renames multiple (4721) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and marks each one by appending an extension to its name.

  • Drops file in Program Files directory 64 IoCs
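The two signatures above describe a mass-rename pattern (every new name is the old name with a suffix appended, thousands of times in a short window) plus staging of `.tmp` siblings such as `7-zip.dll.tmp`. The following detection heuristic, an added example that is not part of the sandbox report or the sample, shows how that first signature can be expressed over file-rename telemetry. The rename events, paths and the appended `.locked` extension are constructed for illustration; the report does not name the extension the sample uses. PID 2364 is reused only as a label for the hypothetical noisy process, and the threshold and window are assumptions a practitioner would tune.

```python
"""Heuristic for 'renames multiple files with an added filename extension'.

Flags a process that, within a short window, renames many files such that
the new name is the old name plus an appended suffix (report.docx -> report.docx.locked).
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath


def appended_suffix(old_path, new_path):
    """Return the suffix appended to the file name, or None when the rename is
    not 'same directory, old name + suffix' (e.g. draft.docx -> final.docx)."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None
    return new_name[len(old_name):]


def detect_mass_rename(events, threshold=10, window=timedelta(seconds=60)):
    """events: iterable of (timestamp, pid, old_path, new_path).

    Returns {(pid, suffix): {"count", "first", "last", "samples"}} for every
    (process, appended suffix) pair with at least `threshold` appending renames
    inside any `window`-long interval.  Threshold and window are assumptions.
    """
    per_key = defaultdict(list)
    for ts, pid, old, new in events:
        suffix = appended_suffix(old, new)
        if suffix is None:
            continue  # ordinary rename, not an 'append an extension' rename
        per_key[(pid, suffix)].append((ts, new))

    findings = {}
    for key, hits in per_key.items():
        hits.sort()
        # Sliding window over sorted timestamps: largest burst inside `window`.
        best, lo = 0, 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            findings[key] = {
                "count": best,
                "first": hits[0][0],
                "last": hits[-1][0],
                "samples": [path for _, path in hits[:3]],
            }
    return findings


def build_sample_events():
    """Constructed telemetry (not from the report): one noisy process, two benign ones."""
    t0 = datetime(2024, 6, 14, 4, 6, 0)
    events = []
    # Hypothetical PID 2364 appends '.locked' to 12 documents within ~6 seconds.
    for i in range(12):
        old = rf"C:\Users\Admin\Documents\file{i:02d}.docx"
        events.append((t0 + timedelta(milliseconds=500 * i), 2364, old, old + ".locked"))
    # Benign: a user renaming a draft (name changes, nothing appended).
    events.append((t0 + timedelta(seconds=2), 4100,
                   r"C:\Users\Admin\Desktop\draft.docx", r"C:\Users\Admin\Desktop\final.docx"))
    # Benign: an installer appending '.bak' to three files, below threshold.
    for name in ("a.dll", "b.dll", "c.dll"):
        old = rf"C:\Program Files\Tool\{name}"
        events.append((t0 + timedelta(seconds=3), 512, old, old + ".bak"))
    return events


if __name__ == "__main__":
    for (pid, suffix), info in detect_mass_rename(build_sample_events()).items():
        print(f"PID {pid}: {info['count']} renames appending '{suffix}', e.g. {info['samples'][0]}")
```

The sliding window matters more than the raw count: an installer that appends `.bak` to a few files over an hour should not trip the rule, while a process appending the same suffix to thousands of files in seconds, as in this report, should. On a live host the same logic can be fed from Sysmon or EDR file-rename events keyed by PID.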

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe
    "C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2364

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
    Filesize

    95KB

    MD5

    1bbcc4a35f5edfaa8d0bc3a9013c5bb8

    SHA1

    f9afed9fbbe2a4265b0345ba5daa7371c072258f

    SHA256

    2106dd30cabe96787f7fe4a016ab4308216b3ae79495c4459f0d9bd57638d44f

    SHA512

    a237d9eff9cf7d5091ae9ee0a35842791dd1aff08860a554a8887e0558a551800cafbc938914f966c6421fcb98654443e163a8d483f4985855446fc3af3ccb6f

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    194KB

    MD5

    d63d7092fed81ec8ed7fd985047bf652

    SHA1

    51d8f9d2899a69f261d1bcd06618c2f283560bb5

    SHA256

    9f0f35487f6e0465b7c0b7bae25c7771f6005eb80ee493df3876aeabc61dbff0

    SHA512

    2cf7ff162c0878742a5d2f84440bf8c5410d5abff60f7ec94ca109fba0e2d35f7fdf66b27bbeca44b1a877a21d561c6012e22a1350a0e9432b45366e1608106b