Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 14:34

General

  • Target

    2024-06-14_4a38ede90c924aa5e3e2e1dc67f432e1_nokoyawa.exe

  • Size

    38KB

  • MD5

    4a38ede90c924aa5e3e2e1dc67f432e1

  • SHA1

    2f88914130f08712a3fecea34fd6e4993f58c2c1

  • SHA256

    58baea354fb8318158364b476a5e7b7662f4c56b6d71219b324d3c1a14b7f909

  • SHA512

    ab795c8f2e4bc7458a64447babdda3f93d12a2e229939e97ccbed36f15a096c521b34b57359f901d29a4d1aa2c30f8de61e06abad1c4222485d5612ae79ab213

  • SSDEEP

    768:UMs3yBEgMYosM5Ar/xY6Xc4FSimT3oDz/KVA5m1q:vdB5bM5Ar/S6Xc4FnmT3oDz/KV

Score
9/10

Malware Config

Signatures

  • Renames multiple (289) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops desktop.ini file(s) (26 IoCs)
  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-14_4a38ede90c924aa5e3e2e1dc67f432e1_nokoyawa.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-14_4a38ede90c924aa5e3e2e1dc67f432e1_nokoyawa.exe"
    PID: 2164
    • Drops desktop.ini file(s)
    • Enumerates connected drives

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\NOKOYAWA_readme.txt

    Filesize

    625B

    MD5

    5aea0bfd70679b3285da2ce305e5d992

    SHA1

    bd90c1be51b76fb43dcb46d9781cfbebdf655520

    SHA256

    91b4c8028e4a86fb2fa57ef0e4f01e860ba23c1fe5ed88aa84915e281a57deb5

    SHA512

    c5ef4fa016103775c9581010e845cca0291ce8e33bbc16fa7c4b8059367cddcdc7a02aedc26959fba3437cef70b2167d0f815fc8f3698ba0b85da447c6e0fb96