Analysis
-
max time kernel
150s -
max time network
62s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
11-06-2024 01:21
Static task
static1
Behavioral task
behavioral1
Sample
a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
Resource
win10v2004-20240508-en
General
-
Target
a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
-
Size
75KB
-
MD5
dc851ba2d43f319a168415ef63dc7803
-
SHA1
c874ee2fcf32d53f33220519dd08cca261485545
-
SHA256
a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254
-
SHA512
ff54fabdf2d68f713c3174ace92c55596e2955517eb1394a220657317ee477eafdaf8f7f2e1d7c0a6e9eb895b53373556dd260f0d4db83d3055b82d5efed647e
-
SSDEEP
768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHq:W7ZDpApYbWjIlE77ufL2e+efZwZ2U
Malware Config
Signatures
-
Renames multiple (5073) files with added filename extension
This suggests ransomware activity: the sample appears to be encrypting the files on the system and appending an extension to each renamed file.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp 
a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program 
Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program 
Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp 
a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\AppXManifest.xml.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe 
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
76KB
MD5 b7ad92d380376c8653f4b592c24e2bec
SHA1 7f9c41fe94f7b3ba95c9efad030b214e0999ba51
SHA256 c1f713e8056762f698ffdb650c1f7c6cc24216823ca94edb99bccde8d1061870
SHA512 486ebf836305f1df6c0276ae11b404bbd4ddc558a839f5806c6b64a02d4b523cbcdb1fd9764cdf436d8cb898fb05d64c3e544e8d3cba45e8d71406bf41079616
-
Filesize
175KB
MD5 670415fdb4789edcdf4fc9f8344cadbb
SHA1 b6b8e84a4faf9c85dd2492f752e122808ad83f06
SHA256 84e238a7361d5036515f1b4f8739b116f8e228e32401cead823cae22dcda2fce
SHA512 81b53e2ca8b29932c24b5bbce92ce74a4a2e710baab5bd20a873181579d7f2f16811859f187d4ecdd05787c59bafab7a86dc18c45cd1652e914f7ba4e49543a2