Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 04:08

General

  • Target

    cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe

  • Size

    80KB

  • MD5

    2c6d95e62b3ec8a599041a4b3b6c4157

  • SHA1

    06142afbd5373076cfd8d625123eaf396a1dd81c

  • SHA256

    cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e

  • SHA512

    2090fa4fa82ad28014b239e29748b9bfce96e0898d09177552ae834ff2196a71a6a348502edb39f53106e78ce39e7ff1dad17aafe7966b91a51ba46a9452075c

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hH/:W7ZDpApYbWjIlE77ufL2e+efZwZav7

Score
9/10

Malware Config

Signatures

  • Renames multiple (3433) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe
    "C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe"
    • Drops file in Program Files directory
    PID: 2148

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
    Filesize
    80KB
    MD5
    77daceb060fbf5908a907ec8e4f324c4
    SHA1
    c608194ceaaaba1f54426b7e64e8f5212127a464
    SHA256
    a13079d575000527ec012a8a6f7f08040b1676807a78d031d42af12a7a971914
    SHA512
    a427dedf1ef1faf5a644fe91d9406932905141f2243230bcd19c1edcd43e1f6966f22d9eedfce0d79b45aa87aa3a18b24e8a7c2d296533eed1a2c863ad6d1623

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    89KB
    MD5
    d53775eeaf450baeac783aa119c3048d
    SHA1
    afaacea44042767196971423e80ad4477fc3f9fd
    SHA256
    6a1e3e62429ad6e6f6370b5a755bd402783028c472e49ff2c4e7d6fa5731f813
    SHA512
    548558db653067cd7f017413730ad2afc45c7783355dec52b349ac8b2142b00336a98907e20eb5ec2996b1eb8b525f4e45a27356bc6dbdfe867266d5d756aa63