Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/06/2024, 02:22
Static task: static1
Behavioral task: behavioral1
  Sample: 1da29816344769cb31f81ce81b21c2f0.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1da29816344769cb31f81ce81b21c2f0.exe
  Resource: win10v2004-20240508-en
General
Target: 1da29816344769cb31f81ce81b21c2f0.exe
Size: 47KB
MD5: 1da29816344769cb31f81ce81b21c2f0
SHA1: 9ab48c5e4e54de02ac4e7c93a3a6a9021e466f58
SHA256: 01a8b2aa513ffb0627914ee65f22b6944b46c439e7a2d38589ec0fb433327f69
SHA512: 4afcae755c86debaf801e870fea0199f123c070abaf76b91cc3bb956f1075ed7bbb38bb11ef8a2c679b9d0b8dc886cf5bc31d681d0d7bfafa6fed94c7ebd7bed
SSDEEP: 768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcB:/7ZQpApze+eJfFpsJOfFpsJA
Malware Config
Signatures
- Renames multiple (5303) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 48KB
  MD5: deed24c118139c3c0baf740aa1c5418f
  SHA1: 101f205f462f5cb6f646c1f28ac4ca9c4b2f2cce
  SHA256: eb835f80831939867e57b9c7722fe73a84704c984770d4233cdd06b68c6f0ac3
  SHA512: 3ae4ada66732bd87742206df0aa210c8ccc8e0ba2907e45e22493cb67329073b4079f80d44526fdd51771fb70c4dd8c9d16cd785bf6cd3a3fac0be8321771c0b
- Filesize: 146KB
  MD5: fbd0c6a6e907a43390aac6b2d77acd3c
  SHA1: 8dcc2c93f4999641eed1360f10ce6e28afc3e5fd
  SHA256: 5b3481b327675001690004f7b8a6343ce5e2042f6c634bf04560f6c968e053f3
  SHA512: e4981ec3c5dc6c564f3898765f6b1f9db7514b7c55f4f07ce20063fba1f9a747588523b977348c697d7a076a339c236f7ed0e3bd36c09c76089102944aa93013