Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 05:04

General

  • Target

    df4a5d71fdc0aa8f4007510d3214ece2c7d50d4fe9dd3b953f7111edee8c40f8.exe

  • Size

    76KB

  • MD5

    920f0f0d2c24d50ed149c5473346ce5f

  • SHA1

    f7730e8d70dd2ec80dd997c5481598a0359a2d70

  • SHA256

    df4a5d71fdc0aa8f4007510d3214ece2c7d50d4fe9dd3b953f7111edee8c40f8

  • SHA512

    f679916f0a17562e522c2371442bb0904b0a46f6aea857b5e677b4b0317dd064c5b18f4b0eefaa54094d967876458c714be56d19f93499e0a5e25d5b5a035148

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJd:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFI

Score
9/10

Malware Config

Signatures

  • Renames multiple (3749) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\df4a5d71fdc0aa8f4007510d3214ece2c7d50d4fe9dd3b953f7111edee8c40f8.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\df4a5d71fdc0aa8f4007510d3214ece2c7d50d4fe9dd3b953f7111edee8c40f8.exe"
    • Drops file in Program Files directory
    PID: 1644

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
    Filesize

    76KB

    MD5

    b68124568252323a9ab186e69f34f8a1

    SHA1

    a7cf960fefab37756ba3337abbb035d3cb96b8ae

    SHA256

    44dd61e338e69f7004452e049c7124987e2a6fa1e4b35316ffd0bc29970ad39a

    SHA512

    6cd402286d32b03f811aed9679540b067f7f61fb078f78ceb26931ff7737fb1d7756affd13ffa4cc93e50c9d4554724cde691f6e7ecf501822919418d24d5bc6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    85KB

    MD5

    1b7cb1df59d5cb2aa40f5fd9f732d532

    SHA1

    1be10ebbd92625d873373874cb484ad117a5cd05

    SHA256

    0792c0a04329bd738682739b06eb6bba331e8243ba847ad7e8e2fb70e6a01000

    SHA512

    08bbb4d4e085ab0e68604375507eff89946dcab388e432b8f46f486edd8f644dbc1a1fe400e9275d87c51cc46c97da82be2fc8bc4fe8a76f5222a455a1c96c3a