Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
10-06-2024 23:17
Static task
static1
Behavioral task
behavioral1
Sample
6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
Resource
win10v2004-20240426-en
General
-
Target
6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
-
Size
101KB
-
MD5
6f2cbe20dab2e40e882e5bc647e0f30e
-
SHA1
bc28a7564ecd6237d6e1c558386ec846336f9145
-
SHA256
6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa
-
SHA512
e9cae7ea62ad4f0e0f2ff660d1ac0957f3ee324bf7dc7697d1f1551c2aa13273fa5bf2d2d6ba7c83022d71d70e110c7624549fc2a4355ece69152a9b46325814
-
SSDEEP
1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPbbIbj:6rWpcOPxPke+e3fFpsJOfFpsJbgEG
Malware Config
Signatures
-
Renames multiple (4863) files with added filename extension
This is consistent with ransomware activity: files across the system are being encrypted (and renamed, per the count above).
-
Drops files in the Program Files directory (64 IoCs listed)
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp 
6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program 
Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft 
Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created 
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp 
6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
101KB
MD5 3f6116bb5e2382eaaf67af58f36712a3
SHA1 bfc27b225b6538fc9c3b2065d85f91a754d90466
SHA256 5c9df6c449a8000a2b9aa68b3c0a004fa80108e1ed8177c201797ccb27dc5e9a
SHA512 160e79a0a7db63b7539c34c4170d1607bdda9495092f820fb282cc43eefe8764ebb5eded7ccaa1f50700c6ff846457017f790b68d5e22a8066fdb251d36a60a9
-
Filesize
200KB
MD5 2f96aa33274f688519b610adb088deda
SHA1 6d55041d6e55e69a4410b5b2ed52b246fbf4159c
SHA256 25b1c40729a93933ee0fe2de741f46333f794e8a6bd8d7183a06580e5f172f14
SHA512 28c22bf47813024138caf10d452c7dca89662df714e1af3080f9a9608455d6da09a0e4f9665a23a136d6568a2197ed6a6b1b569ee6e90586273131a6764e4306