Analysis
max time kernel: 150s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-04-2024 22:21
Behavioral task behavioral1
Sample: 6d607115a7bdbd102abe25f33e6d603d92da9a92a9310cdd71b5ec873322d587.exe
Resource: win7-20240419-en
Behavioral task behavioral2
Sample: 6d607115a7bdbd102abe25f33e6d603d92da9a92a9310cdd71b5ec873322d587.exe
Resource: win10v2004-20240419-en
General
Target: 6d607115a7bdbd102abe25f33e6d603d92da9a92a9310cdd71b5ec873322d587.exe
Size: 109KB
MD5: f1d7aba18991d33b132ad05529bc691d
SHA1: 1e189d90fa324fe70890b79891f587d49accf9fc
SHA256: 6d607115a7bdbd102abe25f33e6d603d92da9a92a9310cdd71b5ec873322d587
SHA512: 17832473939a3076ee0d10750c251c12d7bf3840581c39e68a0a65592169d2b9476498f4a0f75c33beda7af7c36d53ce1be9638e4a7f7b70bcdd8d9ccbac1f0e
SSDEEP: 1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfO:hfAIuZAIuYSMjoqtMHfhfO
Malware Config
Signatures
Renames multiple (5008) files with added filename extension
This suggests ransomware activity: the sample is encrypting all files on the system.
UPX dump on OEP (original entry point) 4 IoCs
resource  yara_rule
behavioral2/memory/4340-0-0x0000000000400000-0x000000000040A000-memory.dmp  UPX
behavioral2/files/0x000d000000023b23-2.dat  UPX
behavioral2/files/0x0008000000022972-6.dat  UPX
behavioral2/memory/4340-807-0x0000000000400000-0x000000000040A000-memory.dmp  UPX
resource  yara_rule
behavioral2/memory/4340-0-0x0000000000400000-0x000000000040A000-memory.dmp  upx
behavioral2/files/0x000d000000023b23-2.dat  upx
behavioral2/files/0x0008000000022972-6.dat  upx
behavioral2/memory/4340-807-0x0000000000400000-0x000000000040A000-memory.dmp  upx
Drops file in Program Files directory 64 IoCs
Process (all entries): 6d607115a7bdbd102abe25f33e6d603d92da9a92a9310cdd71b5ec873322d587.exe
description  ioc
File created  C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp
File created  C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp
File created  C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp
File created  C:\Program Files\Google\Chrome\Application\123.0.6312.106\v8_context_snapshot.bin.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp
File created  C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]
File created  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
File created  C:\Program Files\7-Zip\Lang\gl.txt.tmp
File created  C:\Program Files\Java\jre-1.8\release.tmp
File created  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp
Downloads
Filesize: 110KB
MD5: 040198afdacefb87a4707b9e1162b35e
SHA1: 029d53597e15cd803e55986876f23db38b8962a4
SHA256: 34db9ac830dd4536356f462e031cc82f6b0e6b402596ed5e7718e5103677a592
SHA512: 68483ef2c81064ddae77adad1852092c52c99aeb4ee022e1f4a8b90b5cd6a03fb1fd9d0fb264345f07adbcc6fd4f8264bbe8b5f833f82dde5155a4a94391ea3c

Filesize: 209KB
MD5: f8b50393fdf64e717f9b8bef509a0115
SHA1: 28f6d33538f2718c9de2f7134dc8e73db9a3c4f2
SHA256: 8857c1621bce953c426625faf2a249dcf1b1332665617bbdee59f320e0d79241
SHA512: f222c59d51134aada56b620069a322686c901d7cd4baea563c8d9cc7df4ed85f1a3081be106b5a8daead3c0af2053c0cf8a439e851e2ecaf32eb16fad1b1152e