Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted
10-06-2024 23:31
Static task
static1
Behavioral task
behavioral1
Sample
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe
Resource
win10v2004-20240426-en
General
-
Target
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe
-
Size
99KB
-
MD5
b1d6dc3a60c0d843c9be05264407d3c5
-
SHA1
fb34e5ea303620dad146d35babe692ff2f98875d
-
SHA256
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813
-
SHA512
8897da3514d1a8543e4e9f017e2ce99c571ce7e1304aa0776068efa8e53595b677abe4aacde9ef235c91067bd07d822677cabbaccdf232ebde33bf8242e7ea4e
-
SSDEEP
1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPYX:6rWpcOPxPke+e3fFpsJOfFpsJbgES
Malware Config
Signatures
-
Renames 5,026 files, appending a new filename extension to each
Mass renaming with an appended extension is consistent with ransomware encrypting files across the system. This signature is a heuristic triggered by the rename pattern alone; it does not by itself confirm that the file contents were encrypted, so verify by inspecting a renamed file and checking for a ransom note before classifying.
-
Drops files in the Program Files directory (64 IoCs listed). Each listed path is an existing Program Files entry with `.tmp` appended, which matches the file-renaming signature above.
description ioc Process File created C:\Program Files\7-Zip\7z.sfx.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File 
created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program 
Files\Java\jdk-1.8\bin\jinfo.exe.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\7-Zip\Lang\pl.txt.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp 
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] 
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp 
7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp 7508f15d6df21966effb3201d7b378b71a4c3b1e4bd3bee082e0977fb876e813.exe
Downloads
-
Filesize
99KB
MD5 fb123d6f32bc2f45a918a40a9514ff69
SHA1 e108b015e6ddd9eeaa18769c670be24ee2789f2a
SHA256 67e174b2e5eea87effc30b6f97f4d0b0bbea63baebc75a6ce46517d47a01ec71
SHA512 8be4b270f469b796925693176302b217ee250c772eac7789cab590c1da01d2b371e3cf86a6576044907ae5fd1d008f2ab87943fef9304224dd17e98d38b88215
-
Filesize
198KB
MD5 19559f830636034a515185d9afe20cff
SHA1 353006caf5c442ebe9cca7c24cf229eaef7ba05d
SHA256 4ce7405f9cf0462d900bc2aefdf4b3dc1e7ab4092904547f10d0df9fce76a6ce
SHA512 010e8281028e0ccefaa4cd83fbc978b73696762fc30162eef0c98dfe8796d78bfb4109b5a28b524e82a892f0105ab6d5989bb6a762fa86037a663158c7f0459c