cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
Size

74KB
MD5

1c49cb118f004e6511241331334fa0b7
SHA1

cf6b415e68778a3731aee2fcff435f7494a94a6e
SHA256

cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7
SHA512

38b00624db5a892bc302117a1b5f232d74862a99b279317ebfd91209ace3017e62d83052dbb2bb3dedcbb42c39c071537cf01037a5cf5b40071a6699d0069353
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJg:W7Z9pApQESOHepOHe8G+6E65TGATQ2T+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4996) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.DLL.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe

C:\Users\Admin\AppData\Local\Temp\cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe
"C:\Users\Admin\AppData\Local\Temp\cc9212cd28451c37c7a7f0685820e1e816d2cf988338368d4222882e8be9d9e7.exe"
1⤵
- Drops file in Program Files directory
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
74KB

MD5
eb42e92c4ca05ba723cc85a0b89e3867

SHA1
e841355ec45bd2578764a2d2365ecf1c5852585e

SHA256
504b844f082e6d9d081daf321775d079c131c98e506a1729081a304456ee2d6e

SHA512
99dab446ff6548862fdf0f7ab5a9514a13d20943bc0706c9ae34bd1e5577094348c95ada605a5636943cb27d45253ee648ffacf572eab1c292de39f3f824bfc1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
d6d578c23cca89b3faaa1e6e2720c5b4

SHA1
d599d71d89d5dfc5f2c9ec3bf5e49e91ffcdac6b

SHA256
58a14da54ff32e56730abf1876d762821f774442926762a75d5a407ad85adb27

SHA512
f1ce14d752178832fbca968eb05bb18aa9a621ad9abad339957f5e63e7ce80b4da17bdbfc5fac68c2f4fe9bca9c72e1ee11c74cd70a1de4500a78df58f046125

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads