Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
11-06-2024 00:01
Static task
static1
Behavioral task
behavioral1
Sample
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe
Resource
win10v2004-20240508-en
General
-
Target
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe
-
Size
92KB
-
MD5
c53e86a0cc43377f5714997938682731
-
SHA1
f7b487761860ec5e7f95c07da93c2a9b2f28fbf9
-
SHA256
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda
-
SHA512
5d817b3836c0d135b89866f5ace5b0d0bb3d978bc191e45962895020504b537a81aaea8a2eea6b5151e67266a04906d36901ca4bd1b2f3dc1b6b5ca2a8dba796
-
SSDEEP
1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaqvx:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXN
Malware Config
Signatures
-
Renames multiple (5199) files with added filename extension
This pattern — a large number of existing files rewritten and renamed with an appended extension within a ~150 s run — is consistent with ransomware encrypting files on the system. Treat it as a behavioural heuristic rather than proof: confirm by inspecting the contents of the renamed files and the process's file operations before concluding that all files were encrypted, and look for a dropped ransom note (none is listed among the signatures shown here).
-
Drops file in Program Files directory (64 IoCs). Every entry below is a `<original name>.tmp` file created next to an existing binary or resource under C:\Program Files (Office, .NET, Java, 7-Zip), which looks like a write-to-temporary-then-replace pattern and lines up with the rename signature above; confirm against the full file-operation log. Writing under C:\Program Files normally requires an elevated token, so the sample presumably ran with administrative rights in the sandbox — check the process tree for the integrity level before assuming the same impact on a standard-user host.
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft 
Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\7-Zip\Uninstall.exe.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program 
Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp 
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\7-Zip\7zCon.sfx.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp 
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp 
808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads (artifacts captured during the run). The two entries below (93KB and 191KB) differ in hash and size from the 92KB submitted sample, so they are distinct files — presumably dropped files or memory dumps — and should be triaged separately.
-
Filesize
93KB
MD5 0e10837f95e58891ae1be9fa7cb10d72
SHA1 4a36d90a284769c4f7fe307d3836e41070b1b11c
SHA256 0673440acee7dc27b73df06a7375206d0078de5ecef20da3fec2be21b5077efa
SHA512 ef5202bc347690d0ec03afadc97d9f2bb4c9fb7675b598a7aa5105a4a86ef6d174c681ccb85125f5508109d92a177f495c775c4906f84ab17764a2b45e45812a
-
Filesize
191KB
MD5 c325fbfd67be18304da63453643b10f7
SHA1 0b44886071b3260830f97bd34a295bc57106962f
SHA256 2fac32cf82c0b0af903e87280979a387b9c971b407ccc775cc382a0a6086c678
SHA512 3e6e730f41d0e58533bb9dd6b94ea2baa2c5115d860d0dfc0251da1831d9e5fbbfe0878f937834730fd79d15d55436c1570ff46cbc5965477a9ef65e780412a