Analysis
-
max time kernel
149s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
10-06-2024 23:42
Static task
static1
Behavioral task
behavioral1
Sample
79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe
Resource
win10v2004-20240508-en
General
-
Target
79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe
-
Size
82KB
-
MD5
766df5a7a4f1ca222bf5d8136d9ce325
-
SHA1
d7be7b24c9ffcc7da8bd9d64c5c02ff5e5f0644a
-
SHA256
79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41
-
SHA512
ae0c10a18a31d0e8217c18ac6466ea19529a721924347a01e796c210496cedf429893ea790869b89250e68a789d5227be71cfec4b4ce586d959a5dc81c4ea019
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUs5N:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rE
Malware Config
Signatures
-
Renames multiple (5194) files with added filename extension
This pattern — bulk renaming of files with an appended extension — is consistent with ransomware encrypting files across the system.
-
Drops file in Program Files directory (64 IoCs)
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program 
Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft 
Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft 
Office\root\Templates\1033\WidescreenPresentation.potx.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp 
79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power 
Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sv.pak.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
83KB
MD5 e2203197767e1308a14aa12e783848c3
SHA1 a21ed7eaeeb7638a4375ac536130f83b6820ccd8
SHA256 b0deacad61cb4c44fd671bd9ce19feceb6a14b0f387054e7cf076230e8a92ddb
SHA512 6ab59cd8cc9cd62f189e31db4553482eed15b053d06c819f4c0033650b146aff7be97cf5862b0cc48e74483f49e2398c9ad3ed30df4d55b1e44eb97d8a7e1c2b
-
Filesize
181KB
MD5 6f3d68c50cd2317cc626eb8dc5be77c8
SHA1 7b14c2b2c92566c5c711dd9d9b3084facbcdf263
SHA256 9576a9232be728dedd96b22cbfe6a66e2786b5d9e9465d57e05961129335ecfb
SHA512 94d4e015fd381a646cef2b989e97c364c42428e7c18c849183e9fbc0ec3c41a04a9fa36bafd10e6d5134ea5bf1cdd5ce0b2f1de29eb975e7f53b1a1f12512596