Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system -
submitted
10-06-2024 23:14
Static task
static1
Behavioral task
behavioral1
Sample
6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe
Resource
win10v2004-20240426-en
General
-
Target
6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe
-
Size
44KB
-
MD5
33ce7d46c7d967719d76a8a55a674091
-
SHA1
4ac3a9165dd3ee7d70e749126b0d40e1a10153b0
-
SHA256
6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe
-
SHA512
2612afc78cacb3cdbdedaab23fdf758fbcb938838b9f03d44ef7145ecc1199f9f4d74c1d2c03d9da43e6261c730e21862da21a1c4a88dd372505169053f0874f
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDB:W7BlpNLpARFbhblkYlkuvIYFWcDYcDB
Malware Config
Signatures
-
Renames multiple (5270) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads