Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
10-06-2024 23:19
Static task
static1
Behavioral task
behavioral1
Sample
709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
Resource
win10v2004-20240508-en
General
-
Target
709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
-
Size
81KB
-
MD5
99524f0e97132ebb2d26d6075a609a2c
-
SHA1
e061e2778578083c0a25af4a5b72cbe35d2cd22c
-
SHA256
709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2
-
SHA512
efc618613af4027e3128a019b748cce812df0d69ce56f4270ffff4949fbd192d49802e72bcee684c1bf9584619e0b55cc9ce57fa62d5fb5de11483f3a4fb225b
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSW:6e7WpP9oVLQthbYY9oVLQthbUvx
Malware Config
Signatures
-
Renames multiple (5168) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\7-Zip\Lang\pt.txt.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft 
Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\7-Zip\Lang\lij.txt.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Common 
Files\System\msadc\msdfmap.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp 
709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp 
709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\7-Zip\Lang\tt.txt.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program 
Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_wer.dll.tmp 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5 aba7943b74176484d4499cf684ff1bf2
SHA1 f1ad5a7f56e700642906cfcba510c0c1278137be
SHA256 4e80273c17e0ee245f7bdc3c24965cee4986eab8b4334aa8368d9e3482e07a05
SHA512 ed7b7081ba4bd00128954ad5e974c9b77a4a6569347fbea1991820c186e29d98745277acaf03a0bde1a2f627b54b35d5cb318cb39ff6018175c87f7fa11e829f
-
Filesize
180KB
MD5 c35b2c16069f41a960030f5aa902b34b
SHA1 a8815651a0263624d3d35a634e7cd56d74423653
SHA256 300c6674394b5b4c01338a1bd44ddef1aa21f218869ff46f5a3fea03c2516edc
SHA512 5a8d3443c2743005dbad521d209a37d801991bb5c8f04bae19009a55258b8a7636453762678362df3675e6168e3f06847cec693025caf5d0d70ee1926f82157a