Analysis

  • max time kernel: 150s
  • max time network: 51s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 14-06-2024 04:56

General

  • Target: dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe
  • Size: 79KB
  • MD5: 40b36edd9639c2b9edd6f51fb4840916
  • SHA1: 0f2b334117cd6402213d6f717ea7c095151c0613
  • SHA256: dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7
  • SHA512: 6ca34e47b5c5f346e69fe8a4650ff9188993ee684e5aa65aea090cbffef6837f89c4d65fbe4fe28739ab75a99a8b3dcb2fc446081df0f6c5a00c5c714b2b42da
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxFy5gfcL5y5gfcLUlGi0XlGi0M:fnyiQSoXqeaqeUlGi0XlGi0M

Score
9/10

Malware Config

Signatures

  • Renames multiple (5208) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX dump on OEP (original entry point) (4 IoCs)
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe"
    • Drops file in Program Files directory
    PID: 3592

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
    Filesize: 79KB
    MD5: 2be79429cdf6ef060e2d08955f5e020d
    SHA1: b2eb2c091bb5f4eba90e7828c71edd2c8b91eef0
    SHA256: a95da7ae9190ec88a09c83935fa08ab8ebd997c19d7a741ba3ed0041bf93ccae
    SHA512: ef0f868b4993f99168beefd24c61c5aacfd2ed481b0e0349fd9cb7464e7ccda1b8fc3aea886907af230ea9c47410ada6fad7c0ef714ff43f8997a47f7d23b950

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 178KB
    MD5: c2f7fa8c35f7646a104ce41b59c0b109
    SHA1: 80de24f998274dd97de134a8d8e64303f8468bc3
    SHA256: cbdc2e0c8fb2b4722d5bd54eaa4c98b3c423ee8a2120962324f71578b9e62037
    SHA512: 8fbdbb358584d6fba4920b6b104f8dbd8f7cdfb89097d70daf7356063ab413871dd20eb76770fff6a1012bca8663b831a1dcafd0c1b255837de94858c0649afb

  • memory/3592-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/3592-1950-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB