Analysis
max time kernel: 148s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/06/2024, 01:19
Static task: static1
Behavioral task: behavioral1
  Sample: 19f4731843983ba98198f774107abd70.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 19f4731843983ba98198f774107abd70.exe
  Resource: win10v2004-20240508-en
General
Target: 19f4731843983ba98198f774107abd70.exe
Size: 82KB
MD5: 19f4731843983ba98198f774107abd70
SHA1: 121ef84b922900ff987e2a9a89da1783342c2d5b
SHA256: cbb640aa74eaba4cb8acfdf24e56ea72def4778225c778b826a64c82d17b28ce
SHA512: 3311e5e2865285918d7826132a0de4f0169bebe75cf3ef5b083d2a2385a1d438bf87bb3a02d360c2edcde2673ac125ae574ea6851455350ad8f177ad261f0517
SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUsG:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rB
Malware Config
Signatures
-
Renames multiple (5130) files with added filename extension
  This suggests ransomware activity, i.e. the sample encrypting all the files on the system and renaming each one with an extra extension.
-
Drops file in Program Files directory (64 IoCs)
  description: File created (all 64 entries)
  Process: 19f4731843983ba98198f774107abd70.exe (all 64 entries)
  ioc:
  C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp
  C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp
  C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp
  C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp
  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp
  C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp
  C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp
  C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp
  C:\Program Files\Common Files\System\ado\msado15.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp
  C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp
  C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
  C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp
  C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp
  C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp
  C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp
  C:\Program Files\7-Zip\Lang\az.txt.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp
  C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp
  C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp
  C:\Program Files\Common Files\System\ado\adovbs.inc.tmp
  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp
  C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp
  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp
  C:\Program Files\7-Zip\Lang\fi.txt.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp
  C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp
  C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp
  C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp
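The two signatures above (5130 files renamed with an added extension, and the 64 listed .tmp files created under Program Files) are the behaviour a detection keys on: one process producing file names that are an existing name plus one more extension, spread across many unrelated product directories. The following is an added example and not part of the sandbox report: a Python heuristic that scores each process's "File created" events by how many names look like an original file name with an extra extension appended, how many distinct directories they land in, and how many product roots under Program Files they span. The sample events reuse sixteen of the IoC paths listed above; the "setup.exe" control events, the ExampleApp paths and the thresholds (10 files, 5 directories, 3 roots) are constructed assumptions for illustration only.

```python
"""Heuristic for the two behaviours the report flags: many files created with an
extra extension appended to their original name, spread across many product
directories under Program Files. Added example, not part of the sandbox report."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Sample process name and a subset of the "File created" IoCs from the report.
SAMPLE = "19f4731843983ba98198f774107abd70.exe"
RANSOM_EVENTS = [(SAMPLE, p) for p in [
    r"C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp",
    r"C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp",
    r"C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp",
    r"C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp",
    r"C:\Program Files\Common Files\System\ado\msado15.dll.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp",
    r"C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp",
    r"C:\Program Files\7-Zip\Lang\az.txt.tmp",
    r"C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp",
    r"C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp",
]]

# Constructed benign control (not from the report): an installer writing a few
# files into a single product directory, including one staged .dll.tmp.
BENIGN_EVENTS = [("setup.exe", p) for p in [
    r"C:\Program Files\ExampleApp\ExampleApp.exe",
    r"C:\Program Files\ExampleApp\ExampleApp.dll.tmp",
    r"C:\Program Files\ExampleApp\settings.json",
    r"C:\Program Files\ExampleApp\uninstall.log",
]]


def split_added_extension(path):
    """Return (original_name, added_ext) when the file name looks like an
    existing name with one more extension appended ('msquic.dll' + '.tmp'),
    otherwise None. A single-extension name such as 'settings.json' is not a hit."""
    p = PureWindowsPath(path)
    if len(p.suffixes) < 2:
        return None
    added = p.suffixes[-1]
    return p.name[: -len(added)], added.lower()


def summarize(events):
    """Per-process counters: total creates, appended-extension creates, distinct
    parent directories touched, distinct product roots directly under
    Program Files, and a tally of which extension was appended."""
    stats = defaultdict(lambda: {"created": 0, "appended": 0, "dirs": set(),
                                 "roots": set(), "exts": Counter()})
    for proc, path in events:
        s = stats[proc]
        s["created"] += 1
        hit = split_added_extension(path)
        if hit is None:
            continue
        _, ext = hit
        p = PureWindowsPath(path)
        s["appended"] += 1
        s["exts"][ext] += 1
        s["dirs"].add(str(p.parent).lower())
        parts = [x.lower() for x in p.parts]  # ('c:\\', 'program files', 'dotnet', ...)
        if len(parts) > 3 and parts[1] == "program files":
            s["roots"].add(parts[2])
    return stats


def flag_mass_rename(events, min_files=10, min_dirs=5, min_roots=3):
    """Assumed, illustrative thresholds: flag a process that appends an extension
    to at least min_files files across min_dirs directories and min_roots
    product roots. The report's own signature fired on 5130 renames; the
    excerpt here is far smaller, hence the low defaults."""
    verdicts = {}
    for proc, s in summarize(events).items():
        ext, _ = s["exts"].most_common(1)[0] if s["exts"] else (None, 0)
        suspicious = (s["appended"] >= min_files and len(s["dirs"]) >= min_dirs
                      and len(s["roots"]) >= min_roots)
        verdicts[proc] = {"suspicious": suspicious, "appended": s["appended"],
                          "dirs": len(s["dirs"]), "roots": len(s["roots"]),
                          "added_ext": ext}
    return verdicts


if __name__ == "__main__":
    for proc, verdict in flag_mass_rename(RANSOM_EVENTS + BENIGN_EVENTS).items():
        print(proc, verdict)
```

Run as a script it prints one verdict per process: the sample is flagged (16 appended-extension creates over 16 directories and 7 product roots, dominant added extension ".tmp"), the constructed installer is not (one staged .tmp in one directory). On a real host the same counters would be fed from Sysmon Event ID 11 (FileCreate) or EDR file telemetry rather than a sandbox IoC list, and the thresholds tuned to the environment's legitimate updaters.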
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 82KB
MD5: 1358db61226453979deb1935724b6e32
SHA1: a1ab6c849ca2f7dba00a8b10c0a5806727a8d8f2
SHA256: 7c10c959a01f9de0027755f630ca6d3be802485e42f9694ab69c53e18a7044ba
SHA512: e281b363e5b7dd94b8ca04360d186523889b5ecb28bdb0a211f0649e2496baf87891957f4beb2a424275202f67cbc813d997ac78379d6beb8d01f3499bb6df36
-
Filesize: 181KB
MD5: 105145d3808da7351115b75ea19b455c
SHA1: d5536330d7a212f1e8c004d82a4d62c1a92dec26
SHA256: 6251c5459563bc4cbf24af860279c09248d06956156599a11d187c9e9b625db7
SHA512: 5930c398a29d161912b91ce7f7238becbcccad8b1f92e34f457ec87cdff371a5ca3cb36746b9a281cdc8fe26b42b24321e365625037dcbff871b90a0e8818a63