Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-06-2024 04:08

General

  • Target

    cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe

  • Size

    80KB

  • MD5

    2c6d95e62b3ec8a599041a4b3b6c4157

  • SHA1

    06142afbd5373076cfd8d625123eaf396a1dd81c

  • SHA256

    cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e

  • SHA512

    2090fa4fa82ad28014b239e29748b9bfce96e0898d09177552ae834ff2196a71a6a348502edb39f53106e78ce39e7ff1dad17aafe7966b91a51ba46a9452075c

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hH/:W7ZDpApYbWjIlE77ufL2e+efZwZav7

Score
9/10

Malware Config

Signatures

  • Renames multiple (4866) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe
    "C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe"
    • Drops file in Program Files directory
    PID: 4584
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4452,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8
    PID: 3852

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
    Filesize: 80KB
    MD5: c01d34c36ee62c90cd22dd951d969d07
    SHA1: 719d15f6d44e74ee6ffe98952e301b59b5ac0868
    SHA256: 94ed3ddce94de9fd1fcc4a4e0e5d5d0f5c402dce5ea379a60b52e0be9f9fd696
    SHA512: 91a086c9d6998028fb2d40761d0f3cb3562c9fc83f82913d0256c80376a0cf7182a1c5930dbd54c83367b13882929784f38f3d67a3364876e340a68bba8eaaec

  • C:\Program Files\7-Zip\7-zip.chm.tmp
    Filesize: 192KB
    MD5: bd9c8c2a463be9798066a7b3a0bcd78a
    SHA1: 56a96f3cc43f26e8cc1d5f9761110deec87b8bbc
    SHA256: c9facf568770fb772a6d0e869c34b0da3b5c9ed9ec6bbbf7ac252fe244e25b68
    SHA512: bf55c7c0a9cb3bdc31891151f95be045b6cf708d09fb4ccf482bf893c414083dd89bc3a58583ffd3dcce307114e2d47cd93411bca2490f6f43619b506da4cf52