8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
Size

41KB
MD5

3eb9c5ceadcbdb2e7d93807d9fad0536
SHA1

8f651bd3a83fc85a3411269a6aa21c7858c15fd6
SHA256

8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c
SHA512

08018aba0b312af825ed1067dce0b752838b878620bfed9f42a0c9e000d2b5d4f769d4ef40c3583d16f50f06dcef5e0982f4dff88a4af0bee5e9debab060d11f
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrg:W7BlpppARFbhWJh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5330) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL044.XML.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\EEINTL.DLL.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySharePoints.ico.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll.tmp	8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe

C:\Users\Admin\AppData\Local\Temp\8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe
"C:\Users\Admin\AppData\Local\Temp\8c8cc946f4b3d30c4fbc9afe845fd4ffad0c5dcc97dbc755ff2e6948a590b97c.exe"
1⤵
- Drops file in Program Files directory
PID:3616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
41KB

MD5
df6b53d2d315f4e73859296cb3025486

SHA1
2f9966064cb2531a6ee957479ec77016585a2991

SHA256
56103fcb0b2005e7b8bb8648e0196aa529577d4b7acbed292bf4c30293bfb36d

SHA512
2c0312b2d15471b6c98c23c0419ed8d3c1f923aed1efc6ce2b565e46ec145ade8c3cbf15c15794c704b5a924f452935bbda4fcfada2ba49f2ad0d5efeabc5194

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
ca1cd097c2600e142fd6a14a30fe5879

SHA1
7586bff6cc02a6ccc1b0f4ffcfbf614b1bad360c

SHA256
11fcb64e838a9ed17b2fa02dd5f7a1be3c93e89b14b957e72e10c91cf2aaa367

SHA512
eac2f9cc33552c9edc9d79efad3607829aeeecd5c2120ec8605312671d0326dd8babb87f8832bcde29e4c78d4295c3cd00e8a31f96e909dc173052b80d97c8c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads