Analysis
-
max time kernel
150s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
31-05-2024 04:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe
-
Size
91KB
-
MD5
4c8e87ef87cd38e55f842b83a03f9cf6
-
SHA1
336744142a0678d335600a90e3fc8444a710e339
-
SHA256
efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95
-
SHA512
53485109bea04eb2bc75801ed87128d01652179d8f9f1a0d9fb97a866cd1bd8c87b594cfcd07749a1e8292bdeccfa23f0f96a5ec8c7a2e8401f33fbf5b517fdc
-
SSDEEP
1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/I:6e7WpMaxeb0CYJ97lEYNR73e+eKZI
Score
9/10
Malware Config
Signatures
-
Renames multiple (4853) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-pl.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\7-Zip\Lang\kab.txt.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp efeace9da6afeafa2a809b87c5d5c956b7da1e6bf006e78fa099d73f2c629c95.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
91KB
MD5664211bbe067858ae1fb99af767d9991
SHA12f45fe13f7ee7732f70810546bc793f0591a8c34
SHA2567326a80ee75608682e2c3082d1f60d7f691b05761aa542f657eed570fe4b9ee7
SHA5122b7597e7dda2cda13e0d7a372fe410b5f4024b6279c295958480950104b49440bd8905bf759c5302d441fdb8968d2333bdc29bceea5b4f4160f55ec902d2cf36
-
Filesize
190KB
MD5ac2077f863750f281e1c3c3f264a0db5
SHA1b4966f2a8102633954d150af6c9d5d474bb1222f
SHA256d2f40ec15bd8c287f4627fef0af4f394c7b5e1cc5ac4208f86a6a8c34a3f5eb4
SHA512296b023d86c449ccf682f23dcc71387a870396277c7e1328ea3cd627b4033b8daaa2a79ccfe61f6131adfbdcc864446ebefa464b6214223cab3604f712830702