Analysis
-
max time kernel
150s
-
max time network
51s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
14-06-2024 04:07
Static task
static1
Behavioral task
behavioral1
Sample
cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe
Resource
win10v2004-20240508-en
General
-
Target
cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe
-
Size
42KB
-
MD5
39821beec72e6c7c37714b19f9fc084e
-
SHA1
fe309660135148ff4a1b2e0a959ad9c2c6ba4e84
-
SHA256
cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32
-
SHA512
e1fcb33ff46f4f5252d48f0355be330fc3cfea87c40232fc43a063af5cfd127b5859d0a98892f47ff3e064d6e693f9d13f4e331974af780015823cee8c5bdb7a
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGaDAD8olDolm:W7BlpppARFbhbt7Y7Sun
Malware Config
Signatures
-
Renames multiple (5277) files with added filename extension
This suggests ransomware activity: encrypting all of the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
42KB
MD5
62876bb65d1ecbdc97dc16b763c45a77
SHA1
30c0804c94987d003af638274585a995d346154b
SHA256
b2a5f0e03ce35fd26a3c248b9802b707289ad00db4d9d2ee3722617b2db7c6fc
SHA512
6896511f6de44b67762fea5671a58dfdbb492a3c71d6d54009c0ddb53f18c7f150bbf9384cbeae3a4d5d2146d253b7b6abf4c430e354b15cf38e50e91d4df44b
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
141KB
MD5
4f3d48ca28770dbcb333964eee1e445b
SHA1
ac7db119abf3ecf61f64c18ca2b9c0dbe95610cc
SHA256
a7248250105cbbe93452458e77f68d5cda3c16ac4a6b9dc159c3cd4f052c3750
SHA512
9bab0082aafc1fd725542f1d6528c5919f9e7a6f9f96efd58f0c5af6199b97d707413ef205246d3a56460d8bbe795dd2fa6d95973d472680146524bf86b4cc56