Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:07

General

  • Target

    cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe

  • Size

    42KB

  • MD5

    39821beec72e6c7c37714b19f9fc084e

  • SHA1

    fe309660135148ff4a1b2e0a959ad9c2c6ba4e84

  • SHA256

    cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32

  • SHA512

    e1fcb33ff46f4f5252d48f0355be330fc3cfea87c40232fc43a063af5cfd127b5859d0a98892f47ff3e064d6e693f9d13f4e331974af780015823cee8c5bdb7a

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGaDAD8olDolm:W7BlpppARFbhbt7Y7Sun

Score
9/10

Malware Config

Signatures

  • Renames multiple (5277) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe
    "C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe"
    • Drops file in Program Files directory
    PID:3148

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    42KB

    MD5

    62876bb65d1ecbdc97dc16b763c45a77

    SHA1

    30c0804c94987d003af638274585a995d346154b

    SHA256

    b2a5f0e03ce35fd26a3c248b9802b707289ad00db4d9d2ee3722617b2db7c6fc

    SHA512

    6896511f6de44b67762fea5671a58dfdbb492a3c71d6d54009c0ddb53f18c7f150bbf9384cbeae3a4d5d2146d253b7b6abf4c430e354b15cf38e50e91d4df44b

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    141KB

    MD5

    4f3d48ca28770dbcb333964eee1e445b

    SHA1

    ac7db119abf3ecf61f64c18ca2b9c0dbe95610cc

    SHA256

    a7248250105cbbe93452458e77f68d5cda3c16ac4a6b9dc159c3cd4f052c3750

    SHA512

    9bab0082aafc1fd725542f1d6528c5919f9e7a6f9f96efd58f0c5af6199b97d707413ef205246d3a56460d8bbe795dd2fa6d95973d472680146524bf86b4cc56