Analysis
max time kernel
149s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
08/06/2024, 01:25
Static task
static1
Behavioral task
behavioral1
Sample
1a3c6568eaac319a0c3f0527f2095860.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1a3c6568eaac319a0c3f0527f2095860.exe
Resource
win10v2004-20240426-en
General
Target
1a3c6568eaac319a0c3f0527f2095860.exe
Size
72KB
MD5
1a3c6568eaac319a0c3f0527f2095860
SHA1
3208e6766e67894a0feafbf96a0b138d58f50f0e
SHA256
e0e1b01f07c3bb5670683a2d7c73f28f0585834c3b2907b7b0498af762125783
SHA512
f658536cbccd556b25ab5c4dc30e0ce79057fc44cbb0b42033199bb9b861121dd3eff93e0ede47f801e6df64f029869ba4c0181cb4baccc92cbbd1590f2d088a
SSDEEP
1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhh:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsA
Malware Config
Signatures
Renames multiple (5181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Program Files directory 64 IoCs
description ioc Process
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp 1a3c6568eaac319a0c3f0527f2095860.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
72KB
MD5
68146c78618ab82c615374125be7782e
SHA1
11660177dbb00a44d3de11abf0b4a79369d68fae
SHA256
b084d851b47c4ebc10218e1cc8ac231b10fb5dd40ea8b423ce23a366d6708ddf
SHA512
ebca48f62c4565cdbe5021b5c8a742f900785c95e8956ee234fa1f6c40b0e7b3cbcdcaab80cda7382969f9980c8aa0836f8818ad8ccd9e8c04b4dac959857a67
-
Filesize
171KB
MD5
b7e733559c62f2ea7900d331c68b05cb
SHA1
6eb15e4bcc733d8dfc891edbab7a73f5e16f03d0
SHA256
a4707b09fdf4bf70436ccce603b925a55faa0ee502eec7aee2ef95eca0b83ccb
SHA512
1e70372b24c31db01018b2465e509ffe4ce9e911780e43cef3bb10eda36bc03bc0a34241bb25542c089e34e1b2486af4108f90bd231f93b7130b24be21db755a