Analysis
max time kernel: 149s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 08/06/2024, 02:16
Static task: static1
Behavioral task: behavioral1 (Sample: 1d4dac3e90b40b91d0184fa4f6823540.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: 1d4dac3e90b40b91d0184fa4f6823540.exe, Resource: win10v2004-20240508-en)
General
Target: 1d4dac3e90b40b91d0184fa4f6823540.exe
Size: 81KB
MD5: 1d4dac3e90b40b91d0184fa4f6823540
SHA1: 513e5f69de8d99054153ffb0c679a64a0f2e2e19
SHA256: 4bf897677e2e9dfd45bb61bc33f503afb53f8edbf7b17bbdf7060ecb8bc3aee8
SHA512: 2b0461d5b700dd0899a2d67a1f6b8bbcf112da47c5595a5b14ab2a916b2113f818fd852b33984643db629ff11d6ad88d8aec159b6d057d8427cb0d8ff5c80968
SSDEEP: 1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8A:6DWpwE7oL2e+efZwZ08i8A
Malware Config
Signatures
- Renames multiple (5188) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
  description | ioc | Process
  File created | C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp | 1d4dac3e90b40b91d0184fa4f6823540.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 82KB
  MD5: f8ef73eefe8249d9dee65435b313686f
  SHA1: 31b84fa3b4a967570a83d44c608c712001b1b2ae
  SHA256: 2cb78087e678b95da874814192d03a75734b7aebb8c82f173920f0c16445305f
  SHA512: 77b08c65dde6c4a0edbcf5cfef5012759f9ffce4eccd00081bc565eedc3a6194a694aba7e4c6191cdac9bdc70dd9193c91f6fb8fac5bb43f5b2400444ac9c7e3
- Filesize: 180KB
  MD5: 6011c39eed9f4f3a0112c24f2e50558d
  SHA1: 2869a9ed6363cff42a1a72ec89f0da19596af724
  SHA256: 4e6d1049c4ed9e579a0fab8ad88c520f5ec09b36129e4411dce8e0e7520a83cd
  SHA512: 18f5aeb8923160d4429864923f88359a5a8985eff9b05434d3eacbb0619d929609d0204d55414d53bfea50ba1164f3b055a52bd4366b2d83aaa4f4f840ac1ea0