Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2024 11:51

General

  • Target

    8f5c3daee0d306cc3538730dfed8b600N.exe

  • Size

    52KB

  • MD5

    8f5c3daee0d306cc3538730dfed8b600

  • SHA1

    4cf31261ca2802a7943934b59b7c9cb1fd051338

  • SHA256

    70fd9aea7ad845e30d138ee959beccd06a0a7141068f9c5c6d758e62a0ceb738

  • SHA512

    b07e398b397c6703ab88391745bc05edec6e6e2063c1ae7255c535047368a0d901c3f2ecee056403879df04f8ba0f46f7a6d870c44d1f2cdeaa8be085ed1f5fc

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFI7:CTWn1++PJHJXA/OsIZfzc3/Q8IZdZN
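To reproduce the digests above on a local copy of the sample, and to check the UPX indicator that the Signatures section reports, here is an added triage helper. It is example code written for this page, not part of the sandbox report or its tooling. It computes the four digests listed (SSDEEP needs a third-party module and is left out), walks the PE section table, and reports sections named UPX0/UPX1/UPX2 plus the "UPX!" marker that stock UPX writes. The PE it builds to exercise the parser is a constructed minimal header, not the sample; REPORT_HASHES is copied from this page.

```python
import hashlib
import struct

# Digests as listed in the report's General section (copied from the page).
REPORT_HASHES = {
    "md5": "8f5c3daee0d306cc3538730dfed8b600",
    "sha1": "4cf31261ca2802a7943934b59b7c9cb1fd051338",
    "sha256": "70fd9aea7ad845e30d138ee959beccd06a0a7141068f9c5c6d758e62a0ceb738",
    "sha512": "b07e398b397c6703ab88391745bc05edec6e6e2063c1ae7255c535047368a0d9"
              "01c3f2ecee056403879df04f8ba0f46f7a6d870c44d1f2cdeaa8be085ed1f5fc",
}


def file_hashes(data: bytes) -> dict:
    """Digest the bytes with the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest equals the value on this page."""
    return file_hashes(data) == REPORT_HASHES


def pe_section_names(data: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> section table; return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_header_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_header_size        # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                        # sizeof(IMAGE_SECTION_HEADER) == 40
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Cheap UPX heuristics: stock UPX names sections UPX0/UPX1(/UPX2) and writes a 'UPX!' marker.
    A modified packer can strip both, so absence proves nothing about packing."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.startswith("UPX")],
        "upx_marker": b"UPX!" in data,
    }


def build_pe(section_names) -> bytes:
    """Construct a minimal, non-runnable PE32 header with the given section names (test input only)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = 0xE0                                                 # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = b"\x0B\x01" + b"\x00" * (opt_size - 2)                    # Magic = PE32, rest zeroed
    sections = b"".join(
        n.encode("ascii").ljust(8, b"\x00")[:8] + struct.pack("<IIIIIIHHI", 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names
    )
    return dos + b"PE\x00\x00" + coff + opt + sections


if __name__ == "__main__":
    import sys
    # Pass the sample's path to triage it; with no argument the constructed header is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe(["UPX0", "UPX1", ".rsrc"])
    for algo, digest in file_hashes(data).items():
        print(f"{algo:6} {digest}")
    print("matches report:", matches_report(data))
    print("upx:", upx_indicators(data))
```

Run it as `python triage.py 8f5c3daee0d306cc3538730dfed8b600N.exe` against a copy of the sample; a mismatch on any digest means you are not looking at the file this report describes. The section-name check is the same kind of heuristic the sandbox signature relies on, and it is easily defeated by renaming sections, so treat a negative as "not stock UPX" rather than "not packed".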

Score
9/10

Malware Config

Signatures

  • Renames multiple (3262) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting files across the system and renaming each one as it goes.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
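The "renames multiple files with added filename extension" signature is a count-over-time check on rename events. The following is an added example of that logic written for this page, not the sandbox's own rule. It runs over a handful of constructed rename events (the PID and image name mirror the Processes section; the paths and timestamps are made up) and raises an alert when one process appends an extension to at least `threshold` files inside a sliding time window. The event tuple layout and the threshold and window values are assumptions for the example.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed rename events (not data from this run): (timestamp_s, pid, image, old_path, new_path).
IMAGE = "8f5c3daee0d306cc3538730dfed8b600N.exe"
EVENTS = [
    (0.10, 2232, IMAGE, r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (0.12, 2232, IMAGE, r"C:\Users\Admin\Documents\notes.docx", r"C:\Users\Admin\Documents\notes.docx.tmp"),
    (0.15, 2232, IMAGE, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    (0.18, 2232, IMAGE, r"C:\Program Files\Vendor\app.cfg", r"C:\Program Files\Vendor\app.cfg.tmp"),
    (0.21, 2232, IMAGE, r"C:\Users\Admin\Desktop\todo.txt", r"C:\Users\Admin\Desktop\todo.txt.tmp"),
    (0.25, 2232, IMAGE, r"C:\Users\Admin\Music\song.mp3", r"C:\Users\Admin\Music\song.mp3.tmp"),
    # Not an "append extension" rename: the extension is replaced, not added.
    (0.30, 2232, IMAGE, r"C:\Users\Admin\Videos\clip.mp4", r"C:\Users\Admin\Videos\clip.locked"),
    # Not an in-place rename: the file is moved to another directory.
    (0.32, 2232, IMAGE, r"C:\Users\Admin\Downloads\a.pdf", r"C:\Users\Admin\Documents\a.pdf.tmp"),
    # Benign single rename by another process (a backup copy).
    (1.00, 1500, "explorer.exe", r"C:\Users\Admin\Desktop\plan.txt", r"C:\Users\Admin\Desktop\plan.txt.bak"),
    # Far outside the window of the burst above.
    (400.0, 2232, IMAGE, r"C:\Users\Admin\Documents\late.doc", r"C:\Users\Admin\Documents\late.doc.tmp"),
]


def added_extension(old_path, new_path):
    """Return the suffix appended to the filename (e.g. '.tmp'), or None if the
    rename is a move, an extension replacement, or anything else."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                                   # moved, not renamed in place
    prefix = old_name.lower() + "."
    if new_name.lower().startswith(prefix) and len(new_name) > len(prefix):
        return new_name[len(old_name):]               # keeps the leading dot
    return None


def detect_mass_rename(events, threshold=20, window_seconds=60.0):
    """One alert per process whose append-extension renames reach `threshold`
    within any `window_seconds` span. Returns a list of alert dicts."""
    hits = defaultdict(list)
    for ts, pid, image, old, new in sorted(events, key=lambda e: e[0]):
        ext = added_extension(old, new)
        if ext is not None:
            hits[pid].append((ts, image, ext.lower()))

    alerts = []
    for pid, seq in hits.items():
        start = 0
        for end, (ts, image, _) in enumerate(seq):
            while ts - seq[start][0] > window_seconds:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                window = seq[start:end + 1]
                ext, _ = Counter(h[2] for h in window).most_common(1)[0]
                alerts.append({
                    "pid": pid, "image": image, "renames": len(window),
                    "extension": ext, "first_ts": window[0][0], "last_ts": ts,
                })
                break                                    # one alert per process is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(EVENTS, threshold=5, window_seconds=60.0):
        print(alert)
```

The sandbox counted 3262 renames over the whole run; a production rule fires much earlier (a few dozen files in a minute) and pairs the count with exclusions for installers and backup agents that legitimately write `.tmp` or `.bak` copies. Note the two deliberate blind spots: a rename that replaces the extension and an in-place overwrite with no rename at all are both invisible to this check, so it belongs alongside entropy or file-header checks, not in place of them.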

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f5c3daee0d306cc3538730dfed8b600N.exe
    "C:\Users\Admin\AppData\Local\Temp\8f5c3daee0d306cc3538730dfed8b600N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2232

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

    Filesize

    53KB

    MD5

    0c8342c75dd7438b8728903798d626bb

    SHA1

    2076050ea043c555b413a03f67418bf8c76644cf

    SHA256

    a8b5ff81ba5d01b6a74f2c25e10b1994a754976deb61a432b6450121edfb98d8

    SHA512

    2247bc14eb3d95df15698d1185c5c44b6728e4cbe9cca0c11b2f7b7aae69a74b62efe861ac960f92d5c58eb39465d43dcf16af00a8642e046b70e8d476e98a98

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    62KB

    MD5

    1da061f1e14d6013de03bae0fef21afe

    SHA1

    0c8d4f3eb2bebb9fda3980218a42a6be21758e81

    SHA256

    004d6bb070d8dd086e16277b4e6a8e32bf3b00fa69692608c0328acb40f96769

    SHA512

    2a76c5aa0d160eb0accca0e4fc885019cbea6b3d196c518c15ea0105cd13577358a97fb2eb398f35d9176fe9a494bbbb560d21c4bfad87c9716628390a1e08af

  • memory/2232-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2232-86-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB