Analysis
- max time kernel: 150s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-06-2024 04:05
Static task: static1

Behavioral task: behavioral1
Sample: cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe
Resource: win10v2004-20240611-en
General
- Target: cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe
- Size: 95KB
- MD5: fd32aba68ae43140d228a1e255289926
- SHA1: b7104e939b5f6a0a9641d6c7c9a62b2f193c083b
- SHA256: cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5
- SHA512: 803ea978e2f50271fb8555b56f2b2f8419db7d468c19647d227912996afce6dcf81d898b3e053930ae35b759d622a3c72dafeeabea0436613f7fe217283e20f8
- SSDEEP: 1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNMtnKs6nKs1:6rWpcOPxPke+e3fFpsJOfFpsJbgE4U9
Malware Config
Signatures
- Renames multiple (4721) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
  Filesize: 95KB
  MD5: 1bbcc4a35f5edfaa8d0bc3a9013c5bb8
  SHA1: f9afed9fbbe2a4265b0345ba5daa7371c072258f
  SHA256: 2106dd30cabe96787f7fe4a016ab4308216b3ae79495c4459f0d9bd57638d44f
  SHA512: a237d9eff9cf7d5091ae9ee0a35842791dd1aff08860a554a8887e0558a551800cafbc938914f966c6421fcb98654443e163a8d483f4985855446fc3af3ccb6f
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 194KB
  MD5: d63d7092fed81ec8ed7fd985047bf652
  SHA1: 51d8f9d2899a69f261d1bcd06618c2f283560bb5
  SHA256: 9f0f35487f6e0465b7c0b7bae25c7771f6005eb80ee493df3876aeabc61dbff0
  SHA512: 2cf7ff162c0878742a5d2f84440bf8c5410d5abff60f7ec94ca109fba0e2d35f7fdf66b27bbeca44b1a877a21d561c6012e22a1350a0e9432b45366e1608106b