Analysis

  • max time kernel
    119s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-07-2024 09:16

General

  • Target

    a191ea807515079c5aa9426c80578080N.exe

  • Size

    22KB

  • MD5

    a191ea807515079c5aa9426c80578080

  • SHA1

    d9e5a5bc8334c7ee891f9c47d072d64de7dc5a98

  • SHA256

    5abbb051419b4ab1b987b004f34b834da065267699b7b3c69c2a15c83c37023b

  • SHA512

    b9240e239541c21a9625051292d3e2feff73550a2e04720bdbf8ba06f8621a8d821b524b7ae78e32e65a6588153c5068bd52dc68e700991f03cf35336917fa4e

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJblDZblDZaOpeOpWB3j3cbNQj3cbN3EFEA:kBT37CPKKdJJBZBZaOAOIB3jM2jMa

Score
9/10

Malware Config

Signatures

  • Renames multiple (4373) files with added filename extension

    Consistent with ransomware renaming files as it encrypts them. Note that the signature fires on the mass rename itself (many files in one process gaining a new extension), not on proof that the contents were encrypted.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 64 IoCs

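The two behavioural signatures above ("renames multiple files with added filename extension" and "drops file in Program Files directory") can be reproduced from ordinary file-system telemetry. The following is an added example, not the sandbox's own detection code. It assumes events of the shape `(pid, operation, old_path, new_path)`, modelled on what a file monitor such as Sysmon or Procmon records; every event is constructed for the demo, with PID 1980 and the two `.tmp` paths echoing this report and PID 4242 standing in for a benign process. The threshold is set far below the report's 4373 so the toy data trips it.

```python
"""Re-implementation of two sandbox signatures over file-system events:
'renames multiple files with added filename extension' and
'drops file in Program Files directory'.

Added example; not the sandbox's own code. Event shape (pid, op, old, new)
is an assumption; all events are constructed."""
from collections import defaultdict
import ntpath

RENAME_THRESHOLD = 3   # deliberately low for the demo; the report counted 4373
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def appended_extension(old_path, new_path):
    """Return the added extension (lower-cased) if new_path is old_path with
    exactly one extra extension appended, in the same directory; else None.
    'desktop.ini' -> 'desktop.ini.tmp' yields '.tmp'."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or suffix.count(".") != 1:   # reject '.' and '.a.b'
        return None
    return suffix.lower()


def analyse(events, threshold=RENAME_THRESHOLD):
    """Group events per PID and emit one finding per signature that fires."""
    renames = defaultdict(lambda: defaultdict(int))   # pid -> ext -> count
    pf_drops = defaultdict(set)                       # pid -> created paths
    for pid, op, old, new in events:
        if op == "RENAME":
            ext = appended_extension(old, new)
            if ext:
                renames[pid][ext] += 1
        elif op == "CREATE" and new.lower().startswith(PROGRAM_FILES):
            pf_drops[pid].add(new)
    findings = []
    for pid, by_ext in renames.items():
        for ext, n in by_ext.items():
            if n >= threshold:
                findings.append({"pid": pid, "signature": "renames_files_added_extension",
                                 "extension": ext, "count": n})
    for pid, paths in pf_drops.items():
        findings.append({"pid": pid, "signature": "drops_file_in_program_files",
                         "count": len(paths), "paths": sorted(paths)})
    return findings


# Constructed telemetry. PID 1980 and the two .tmp paths echo the report;
# PID 4242 is a made-up benign process that renames one file to .bak.
RB = r"C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000"
SAMPLE_EVENTS = [
    (1980, "RENAME", RB + r"\desktop.ini", RB + r"\desktop.ini.tmp"),
    (1980, "RENAME", r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (1980, "RENAME", r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.tmp"),
    (1980, "RENAME", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (1980, "CREATE", None, r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (4242, "RENAME", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.bak"),
    (4242, "RENAME", r"C:\Users\Admin\Documents\old.txt", r"C:\Users\Admin\Documents\archive.txt"),
    (4242, "CREATE", None, r"C:\Users\Admin\AppData\Local\Temp\cache.bin"),
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```

Counting per (pid, extension) rather than per pid alone is what keeps a single `.bak` backup or an installer's `.old` renames from firing; the threshold is the tuning knob, and a real engine would also require the renames to span several directories.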
Processes

  • C:\Users\Admin\AppData\Local\Temp\a191ea807515079c5aa9426c80578080N.exe
    "C:\Users\Admin\AppData\Local\Temp\a191ea807515079c5aa9426c80578080N.exe"
    PID: 1980
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

    Filesize

    22KB

    MD5

    fa7f4642f2c71dde683f9dba4d59e0f6

    SHA1

    f35430feffaf4094c1e5ef72b925f366784773f2

    SHA256

    b5a838ec8837c0142b690e676c471a32d38fb4da1c6a077573f3c7e2c8075693

    SHA512

    01d2fa4c1ad03a58ba734fe730a158fe21fd523f24e74d81c2bb4c19f6a8216c311a24955c2f2d74e36e15a3a41f927ae67ba43affc87c1d2be9bb6e25667362

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    121KB

    MD5

    83ec87c3ea9596dfd7db633754d21d4e

    SHA1

    0eb7a968b3c9be134b1af0ba0764473c112f502b

    SHA256

    a7679c64397cc66555bdeb1b3f681636f6ff1a3c33bf77bbe19272a63e3bfd80

    SHA512

    96c1c08b1e05d262f6980935dc8e4531a653b0bf76e9ada81968bb4d376eaf2bb2abed5349fc61507f60b3da1371d74e61330151d1f31fbfa023bc04e4106b62

  • memory/1980-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1980-1038-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
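
The memory dumps above are 40KB images at 0x400000-0x40A000 for a file that is 22KB on disk, which is the shape a packer leaves: the stub decompresses into a section that occupies no file bytes. The following static check for the "UPX packed file" signature is an added example, not the sandbox's detection logic and not derived from this sample. It parses a PE section table and reports the UPX tells (UPX-named sections, a section with zero raw size but non-zero virtual size, a high-entropy section, mapped size well above file-backed size). `build_pe()` constructs a minimal, non-executable PE32 purely to give the parser input; its UPX-like and clean layouts are invented for the demonstration.

```python
"""Static triage for the 'UPX packed file' signature via PE section parsing.
Added example, not the sandbox's code. build_pe() fabricates a minimal PE32
so the parser has offline input; the layouts are constructed, not the sample."""
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_pe(sections):
    """sections: list of (name, virtual_size, raw_bytes). Returns PE32 bytes with
    a DOS stub, COFF header, zeroed optional header and a section table."""
    e_lfanew, opt_size = 0x80, 0xE0                  # PE32 optional header size
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\x00")
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF            # 0x200 file alignment
    va, table, body = 0x1000, b"", b""
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                             vsize, va, len(raw), raw_ptr + len(body) if raw else 0,
                             0, 0, 0, 0, 0xE0000020)
        body += raw
        va += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    return (dos + b"PE\x00\x00" + coff + optional + table).ljust(raw_ptr, b"\x00") + body


def parse_sections(pe: bytes):
    """Walk the IMAGE_SECTION_HEADER table; return name, sizes and raw entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + opt_size
    out = []
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, first + 40 * i)
        data = pe[rawptr:rawptr + rawsize] if rawsize else b""
        out.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                    "virtual_size": vsize, "raw_size": rawsize,
                    "entropy": round(shannon_entropy(data), 2)})
    return out


def upx_indicators(sections):
    """UPX tells: UPX* section names, an on-disk-empty section the stub unpacks
    into, a high-entropy (compressed) section, and mapped >> file-backed bytes."""
    return {
        "upx_section_names": any(s["name"].startswith("UPX") for s in sections),
        "zero_raw_section": any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in sections),
        "high_entropy_section": any(s["raw_size"] > 0 and s["entropy"] > 7.0 for s in sections),
        "file_backed_bytes": sum(s["raw_size"] for s in sections),
        "mapped_bytes": sum(s["virtual_size"] for s in sections),
    }


# Constructed layouts. RANDOMISH is deterministic pseudo-random filler standing
# in for compressed data; neither layout is the report's sample.
RANDOMISH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(192))  # 6144 bytes
PACKED_LAYOUT = [("UPX0", 0x6000, b""),            # unpack target: no file bytes
                 ("UPX1", 0x2000, RANDOMISH),      # compressed payload + stub
                 (".rsrc", 0x1000, b"\x00" * 0x200)]
CLEAN_LAYOUT = [(".text", 0x1000, b"\x90" * 0x800 + b"\xC3"),
                (".data", 0x200, b"hello, sandbox\x00" * 16)]

if __name__ == "__main__":
    for label, layout in (("packed", PACKED_LAYOUT), ("clean", CLEAN_LAYOUT)):
        print(label, upx_indicators(parse_sections(build_pe(layout))))
```

Section names alone are a weak signal, since a "modified UPX" build can rename them; the zero-raw-size section and the entropy of the remaining section survive that, and the mapped-versus-file-backed ratio is what the 40KB-in-memory, 22KB-on-disk observation above corresponds to. Run the real `parse_sections()` over a sample rather than the fabricated PE to triage a file.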