Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:07

General

  • Target

    cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe

  • Size

    42KB

  • MD5

    39821beec72e6c7c37714b19f9fc084e

  • SHA1

    fe309660135148ff4a1b2e0a959ad9c2c6ba4e84

  • SHA256

    cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32

  • SHA512

    e1fcb33ff46f4f5252d48f0355be330fc3cfea87c40232fc43a063af5cfd127b5859d0a98892f47ff3e064d6e693f9d13f4e331974af780015823cee8c5bdb7a

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGaDAD8olDolm:W7BlpppARFbhbt7Y7Sun

Score
9/10

Malware Config

Signatures

  • Renames multiple (3595) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe
    "C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe"
    • Drops file in Program Files directory
    PID:1244

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
    Filesize

    42KB

    MD5

    121d86a38f0118923fd846b8f1f11e79

    SHA1

    52f8019a55c57df63d37523678db0a867c8d7e3c

    SHA256

    a22c1142ad4b42113a4598341c1586e0cd6d20933bb2417c4559694262a726e5

    SHA512

    1a849ff7bddba2f45b480969640d0cb0199ec8ca7801b87afeccdbdb48d848e9af567ece50846af479ee6046722e5e9618300dd41a56c935a1b54a88c2a375a6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    51KB

    MD5

    e08db42ef150b8c9807dad730d9c1d80

    SHA1

    15e164f7f7a7bc0a6fb6a0c6fe05af79cf759ed1

    SHA256

    61758cef5d875bb88492c39c58b1741cd8f5c2fc23022cd882a56fe103842c89

    SHA512

    0eecc5bd0c5780380ee90002949adb088012f94f7cd717ce128d41ec013c363b6f842c32f19772c41303a8eb03c30fd6e41dc907629e813b762627feb9761d0b