Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14-06-2024 05:04

General

  • Target

    df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe

  • Size

    68KB

  • MD5

    4e16c136fa332f42a6dbfd93bb1cd1fd

  • SHA1

    c0c89c8e7a0c1ebd1614b429aec781811de37497

  • SHA256

    df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b

  • SHA512

    a3df46335fe100f5c24b864ca5fffccd07fe7d321a3fbdd764f069e671a1cd1690c3ec5af916b39f576aa8a29b61753b624be372a8ce11cc8a023de476282bf8

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8B8/8ugO:+nyiQSoFkugO

Score
9/10

Malware Config

Signatures

  • Renames multiple (5042) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one as it is renamed.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
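The "renames multiple files with added filename extension" signature above is a heuristic over file-rename events: one process renaming many files in place so that the new name is the old name plus one extra extension (the `.tmp` names in the dropped-file list below are exactly that shape). The following is an added example of that detection logic, not the sandbox's own signature code. The events are constructed for the example, and the threshold of 5 is an assumption chosen to fit the constructed data; a production rule would use a far higher count, as the 5042 hits in this report suggest.

```python
from collections import Counter, defaultdict
import ntpath

# Constructed file-rename events in the shape a sandbox or Sysmon feed would give:
# (pid, source path, destination path). These are made up for the example and
# are not events taken from the report.
EVENTS = [
    (3796, r"C:\Users\Admin\Documents\budget.xlsx",    r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (3796, r"C:\Users\Admin\Documents\notes.docx",     r"C:\Users\Admin\Documents\notes.docx.tmp"),
    (3796, r"C:\Users\Admin\Pictures\holiday.jpg",     r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (3796, r"C:\Program Files\7-Zip\7-zip.dll",        r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (3796, r"C:\Program Files\7-Zip\History.txt",      r"C:\Program Files\7-Zip\History.txt.tmp"),
    (3796, r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini",  r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp"),
    (3796, r"C:\Users\Admin\Desktop\readme.txt",       r"C:\Users\Admin\Desktop\README.TXT.tmp"),  # case differs
    (3796, r"C:\Users\Admin\AppData\Local\Temp\x.log", r"C:\Users\Admin\AppData\Local\Temp\x.log.tmp"),
    (1234, r"C:\Users\Admin\Documents\draft.docx",     r"C:\Users\Admin\Documents\final.docx"),      # ordinary rename
    (1234, r"C:\Users\Admin\Documents\config.ini",     r"C:\Users\Admin\Documents\config.ini.bak"),  # one backup copy
    (1234, r"C:\Users\Admin\Downloads\file.pdf.part",  r"C:\Users\Admin\Downloads\file.pdf"),        # download finishing
]


def appended_extension(src: str, dst: str):
    """Return the extension (without the dot) that dst adds to src when dst is
    src renamed in place with exactly one extra extension; otherwise None.
    Comparison is case-insensitive, as NTFS names are."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():          # moved, not renamed in place
        return None
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None                                 # new name is not old name + ".ext"
    ext = dst_name[len(src_name) + 1:]
    if not ext or "." in ext:                       # empty or more than one added part
        return None
    return ext


def mass_rename_verdict(events, threshold: int = 5):
    """Count, per PID, renames that append an extension, and flag PIDs at or over
    the threshold. Returns {pid: {"count", "extensions" (Counter), "flagged"}}.
    The threshold is an assumption for this example, not the sandbox's value."""
    stats = defaultdict(lambda: {"count": 0, "extensions": Counter()})
    for pid, src, dst in events:
        ext = appended_extension(src, dst)
        if ext is None:
            continue
        stats[pid]["count"] += 1
        stats[pid]["extensions"][ext.lower()] += 1
    return {pid: {**s, "flagged": s["count"] >= threshold} for pid, s in stats.items()}


if __name__ == "__main__":
    for pid, s in mass_rename_verdict(EVENTS).items():
        print(pid, s["count"], dict(s["extensions"]), "FLAGGED" if s["flagged"] else "ok")
```

Only the count of in-place, extension-appending renames by one process is scored; a plain rename, a move between directories, or a download completing does not count, which is what keeps Explorer and browsers below the threshold while a process working through every user and Program Files directory crosses it quickly.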
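The "UPX packed file" signature above describes the check, not how it is made. Stock UPX writes recognisable section names (UPX0, UPX1, and so on), but a modified UPX build can rename them; what survives is the layout, in which the first section has no raw data on disk and a large virtual size because the stub decompresses into it at run time. The following is an added example of both checks written against the PE section table with nothing but the standard library; it is not the sandbox's detection code. `build_minimal_pe` is a constructed fixture that emits only headers, so the images it produces are not loadable and stand in for real samples.

```python
import struct

# Section names the stock UPX packer writes; many UPX forks keep them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}

SECTION_HEADER_SIZE = 40          # sizeof(IMAGE_SECTION_HEADER)
PE32_OPTIONAL_HEADER_SIZE = 224   # sizeof(IMAGE_OPTIONAL_HEADER32)


def pe_sections(data: bytes) -> list[dict]:
    """Parse the section table of a PE image into dicts with name, virtual_size,
    virtual_address and raw_size. Raises ValueError for non-PE or truncated input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                               # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                      # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr, "raw_size": rsize})
    return sections


def upx_verdict(data: bytes) -> tuple[bool, list[str]]:
    """Return (packed, reasons). Check 1: stock UPX section names. Check 2: the
    UPX layout, a first section with zero raw size but non-zero virtual size,
    which a renamed (modified UPX) build still has. Check 2 is a heuristic and
    can hit other packers that unpack into an empty first section."""
    sections = pe_sections(data)
    reasons = []
    hits = [s["name"] for s in sections if s["name"] in UPX_SECTION_NAMES]
    if hits:
        reasons.append("UPX section names present: " + ", ".join(hits))
    first = sections[0] if sections else None
    if first and len(sections) >= 2 and first["raw_size"] == 0 and first["virtual_size"] > 0:
        reasons.append("first section %r has no raw data but virtual size %#x (UPX0-style unpack buffer)"
                       % (first["name"], first["virtual_size"]))
    return bool(reasons), reasons


def build_minimal_pe(sections: list[tuple[bytes, int, int, int]]) -> bytes:
    """Constructed test fixture: a PE32 image consisting only of headers plus the
    given (name, virtual_size, virtual_address, raw_size) section table.
    It is not loadable; it lets the checks above run offline without a sample."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_header = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0,
                              PE32_OPTIONAL_HEADER_SIZE, 0x0102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (PE32_OPTIONAL_HEADER_SIZE - 2)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rsize,
                                 0, 0, 0, 0, 0, 0x60000020)
                     for name, vsize, vaddr, rsize in sections)
    return dos_header + b"PE\0\0" + file_header + optional_header + table


# Constructed fixtures (not the page's sample): a stock UPX layout, the same
# layout with sections renamed, and an ordinary compiler-produced layout.
STOCK_UPX = build_minimal_pe([(b"UPX0", 0x20000, 0x1000, 0),
                              (b"UPX1", 0x9000, 0x21000, 0x8800),
                              (b".rsrc", 0x1000, 0x2A000, 0x600)])
RENAMED_UPX = build_minimal_pe([(b".text", 0x20000, 0x1000, 0),
                                (b".data", 0x9000, 0x21000, 0x8800)])
PLAIN_PE = build_minimal_pe([(b".text", 0x5000, 0x1000, 0x5000),
                             (b".rdata", 0x1000, 0x6000, 0x1000),
                             (b".data", 0x800, 0x7000, 0x200)])

if __name__ == "__main__":
    for label, image in [("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("plain PE", PLAIN_PE)]:
        packed, reasons = upx_verdict(image)
        print(label, "->", "packed" if packed else "not packed", reasons)
```

To run it against a real file, replace the fixture with `open(path, "rb").read()`; the name check alone is what a YARA rule on the section table would give, while the layout check is what still fires when a modified UPX build has scrubbed its names, which is why the signature text above says "UPX/modified UPX".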

Processes

  • C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe
    "C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3796

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
    Filesize

    68KB

    MD5

    13b53a79e00af8456bcdc3b1f1e7d255

    SHA1

    c56e01943aea4589b85f18294c1dc6b1149a3801

    SHA256

    c6cee7df903a7208be36d56d5ab525e833d30d42dfb69fb25960468ba5eae78d

    SHA512

    3a513b97b966c1a68dd55b3779ac0f329a3a511deb2f9e0e3071643d269e25063cb4c22168ffca83d9923348b41ce1d15223a2faa80b82333044df39a3e62c00

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    167KB

    MD5

    7789797a7873b3edc11cb0a344dae7be

    SHA1

    61010473f933048bf4c2a8d55dfccb2479ab7142

    SHA256

    8e112813d5426da41c0a76d1f5763717205a2e6ca2b09fdd0a6cb762d04dbcaf

    SHA512

    05db6be9b460a8a6c8e97b2e681b2fe3abe9661ac566981995ecf0554e174d92e5850400bdb8b2de3a56f102dcff9b1d23775689c7b6c303f1688a78e494bfa7

  • memory/3796-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/3796-1808-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB