Analysis
-
max time kernel
149s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
10-06-2024 23:39
Static task
static1
Behavioral task
behavioral1
Sample
78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
Resource
win10v2004-20240426-en
General
-
Target
78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
-
Size
45KB
-
MD5
25e1ca297bab9176df3f52b8e9140b0b
-
SHA1
8a64c4c962a5cbc001f96f703afc7a226590dab0
-
SHA256
78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1
-
SHA512
1aa7d34b8a3c75394fee892c54f4b90675b5679ea3cb771692a8c58ffb319e717ebb36b36c4ff404a0194b0cb6b2999698fd299fec84324a8090dfc90d25d06e
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFO8A8a0A+2:W7BlpNLpARFbhblkYlkuvIYFI0A+2
Malware Config
Signatures
-
Renames multiple (5185) files with added filename extension
This suggests ransomware activity: encryption of all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
description ioc Process File created C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\7-Zip\Lang\lij.txt.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft 
Office\root\Office16\1033\GRAPH_COL.HXT.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft 
Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp 
78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Overlapped.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\7-Zip\Lang\tr.txt.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp 
78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created 
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\7-Zip\Lang\sa.txt.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
45KB
MD5 c3eea1dba51168382e157d6ac146d017
SHA1 05d7ed4f3114ac06dea8f1e15855b4aa530e3113
SHA256 b40872b7c550c4ea570739cd291acb5fa2f3d52e9adc0339d5cd40da37723e51
SHA512 868d70e6dd98b97432d37bd467c75a793219f43a23c3525942508a36a5f7fe78f3be4861c6ead57991ef15c726a2d9dbbccfdcc6cbca62d95c19b83bc1e10fad
-
Filesize
144KB
MD5 7317591909127719abb08041b6e6e663
SHA1 7bb58d198745301f4e215edc98363f1a783fa00a
SHA256 b7f00a6d872762d06e1d333001d773a59a4da8e31cca13541424818511e8b6b9
SHA512 da8e6e4d0190e3527ec292dc01060045c0afc66f9795c7c1d85a2a9702d8503ca7d0f69ce702b27906fb0b37d7452dd760b457f7f555606159a9c65bc0aed7cd