Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
08/05/2024, 04:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe
-
Size
92KB
-
MD5
ef917bdf8ba32be6c1a98817d5f85d3b
-
SHA1
e8a1ac5c387dd61d4b7a17db5e0fde7e701311a3
-
SHA256
ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b
-
SHA512
2330ed1f11d2110e9c3cd10a825be6a486e7adb009200477b791d078a19f17019a9a0b952886857e823676212d58af485794affff362e89fe25f5f1200eef843
-
SSDEEP
1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNG:6rWpcOPxPke+e3fFpsJOfFpsJbgEQ
Score
9/10
Malware Config
Signatures
-
Renames multiple (5023) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jre-1.8\lib\currency.data.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.White.png.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Internet Explorer\hmmapi.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jre-1.8\Welcome.html.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\7-Zip\Lang\si.txt.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp ff503b8d1f84caa9135d5ad1b34d05f4f6425f6451ea0f9fde761b487a17704b.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5db2c9dcf20555cfadb568c4f3159ddc3
SHA14c8059a62b33875d0a2785afeba01f35f5107a54
SHA25697d9ff483e5f8454402f05b1a1864ae03e217cd5a5f9379d88a87e2262343a9b
SHA512435c8950509064834a74b41d4f76d047fc1a4192aa004c98a2c08e275015472733d9be75d8fb5165adb574942201e71ae052e3f60fa407a159a14bbd0b7e44ae
-
Filesize
191KB
MD582953447fc0560a63adcdc97fb87f38a
SHA1cde570a3bd34f3e48a664e306cefb7cc48cffbe3
SHA25624aca7da757759bdb1a4618743c1506d58eb3f127b96225f70d4d0d818cbb0ed
SHA51240420ad2c7f274fab007b78a5eb8038c1109f5161621df4282f49aeb0728cf66335319dca31a9b6181f7d32dc815cb40e461333f770302f873dfbf03c93c7b34