ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
Size

58KB
MD5

4fd4b4c230b053f6ee146e1bff0b8faf
SHA1

d3a1f9a4ba40ff2953a3633380088dca27e1dd5c
SHA256

ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148
SHA512

efe7b3c35a8e92b1ad8492df3bda6a376c7584a7be0ccf08c50e6dd099d95701652898e7488f70d4455e9bb0a2e16d38492e056809c75007c2f81f37d792bd59
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuv:W7ZDpApYbWjIlE77uv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2531) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-1-0.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Algorithms.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\PresentationCore.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationProvider.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Cng.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationProvider.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-convert-l1-1-0.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.HttpListener.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationTypes.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationUI.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Primitives.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clretwrc.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.AccessControl.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Xaml.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationUI.resources.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.IO.Packaging.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Design.Editors.dll.tmp	ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe

C:\Users\Admin\AppData\Local\Temp\ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe
"C:\Users\Admin\AppData\Local\Temp\ff8f3bbccdedb1faefa8286f03f45039a63f1d98207f19b3c45f81d30f612148.exe"
1⤵
- Drops file in Program Files directory
PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-513485977-2495024337-1260977654-1000\desktop.ini.tmp

Filesize
59KB

MD5
a89e0059325e4d683b6c2d0f34224237

SHA1
e1c0a0bb2f2c0a37bb358876053e6c44f6cc5a5f

SHA256
9f99cfc7fb00855ab24a4d018be1c6c2f96b4ab3b19632120f4c0cdeccd38f37

SHA512
52d68cd74e2674ce5cdef80d4b3147f2d349f1acd59827fd2dab22235237852c268c3edfa1b8a2e921f99e0060cc32eaa2faea0489ea99fcd8e4f064adf54e20

Download Submit
C:\odt\config.xml.tmp

Filesize
60KB

MD5
f5216007d420e22c71d645d4cec7640f

SHA1
6c82ce65d837ed89e43a872277a40d33b719880b

SHA256
5cafee2814eb3562f575dc2be8960556d4b2decb6c44c8019c9f30b52e3c1f50

SHA512
cd25f4bf2d9a99cc32b2f71e212474a813ef001a1d139ecd28996fd1ca7cc0a5673c5bda40e6f7496d3b396a68bad7a370648c67848a15ee5c5053b9b62c8221

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads