8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
Size

81KB
MD5

74962e708e83b7cf90cd3054ac56d9de
SHA1

fac2d910918e61296b9331ea146f0211de3db5c7
SHA256

8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2
SHA512

47384d0fca5acc329485cce233288e0b4b7eaa2434d59aedf5c338ba7618593d6690c34c579e5aadc4d4c56281398ef6d54950e3f3e191ce13f9fada93f1a4b8
SSDEEP

1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888l:9QWpze+eO88888888888888888888880

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4827) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe

C:\Users\Admin\AppData\Local\Temp\8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe
"C:\Users\Admin\AppData\Local\Temp\8cc83b98bb4be74a3d7c2cb1e8cf0f7e65402adb10d62f31ea3637ce5b3245f2.exe"
1⤵
- Drops file in Program Files directory
PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
81KB

MD5
7f361c5dad9fe645b7480820ccf6fc62

SHA1
01c910feebb64b549d63eeee740a25afa5e13911

SHA256
bdfaf87be30e48769403afa0bacfb4175ab656f7c6040a020577eb0fa4efb61f

SHA512
381d1ffde9fa48db571a1e00325d06b4337f4d4debf656d8d6cf88a71c06e5fb862f9ece70aba674f02a9b916621f9b1087712d2045b12343eceae2505ba8d46

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
09a0a1bca7ad89c9608b7357878d87bd

SHA1
c98ac26004bf91801e7943269bc079a6e13f28fd

SHA256
e17cc2cbe7d1e4a105a9f1b54ab6db17d7fa055338e5970d4e6cee6964dd0146

SHA512
13024279bfe611cef062590189274a5c572b70a8034a150465a86501e0ef6b7d16c6535bd280378f776e6974510d48e401b202f0186113655053bf03292e4c95

Download Submit
memory/4432-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4432-1766-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads