bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
Size

62KB
MD5

85df48a2b2dbc3f6173bcc6033545630
SHA1

d6fb3821ed0d545988362e91b3a6b56d5f65aeab
SHA256

bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9
SHA512

68b6cc94bb4087a2001c7e34146181d404c1a326e692727fddf79b6ecceff613c42a4ad41a54b86e2bf7f3ed6aa24928795890fc3311421d0ce3f9a23ed77c72
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDlvcYNnVvcYNnz:W7ZNLpApCZuvIYYoYoN7n97nz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5282) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Training.potx.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\InstallDisable.wpl.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.boot.tree.dat.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcr120.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-BOLD.TTF.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe

C:\Users\Admin\AppData\Local\Temp\bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe
"C:\Users\Admin\AppData\Local\Temp\bff6394b3aa239ebcbac4735b779da5b5fdf7ac94e345b9986f21c7f16e4b5c9.exe"
1⤵
- Drops file in Program Files directory
PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
62KB

MD5
d1e456f541fe62ebadee3ec0ddeb17a8

SHA1
93036fd2b8d3e89219d9752a99f568ae0f692284

SHA256
2f1d13c74272240d6954fec0287d0839e7ae9d192762b3ab931cc8d3397b48be

SHA512
d79d72719bb0b699df594f667af8c4916d8a72f6cccc207001b42c092fe188822e86eaee9e478923918c98ca777c92e19ddd8a94929062a9b091bafea6c1b06f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
161KB

MD5
747fc8e830b71748cb779da0028fc224

SHA1
9b7f22ef7d031990eca2726fae9cc160448f31c0

SHA256
62143f3c64cf3a13beaa523965284400368d35ff2f3e82ad053f49115069d1e0

SHA512
aec41c4fbd9e91af743823409ed8dca77d61f08f12851abbd57b54544ed80d39f1b42c2891024f337026cc315ee2e0f2f7afea553140e513db7d22d5a4b950f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads