cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
Size

63KB
MD5

1ba736588183de99e538b6df3068c705
SHA1

f8f651b5278c41a16cd6111f70d43db037ceefce
SHA256

cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb
SHA512

270482a6c8f62b496fe87ace7df1de5a49eec9ee82f056c06f0641ecedb71851a29ed996ef68b60fef449025ecdfe76f46ab508f54de30897050323729ac162c
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nyQG+QGCUXqb:W7ZNLpApCZrt8PWGoPWGANdNyko

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4873) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe

C:\Users\Admin\AppData\Local\Temp\cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe
"C:\Users\Admin\AppData\Local\Temp\cfecffd67f68b57c5d2f0033b49666f94a9f9d5de0db4f28edd8df0f66e18adb.exe"
1⤵
- Drops file in Program Files directory
PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
63KB

MD5
abb4e26bbb9521b13816e025e768dda0

SHA1
f6a010074ab01b2413a1114632758512e702d7b0

SHA256
4cf2c7b4bbe804974e0140edc1d654b1604cf0200f680780a4d3efd0f224fdca

SHA512
023dde274553f72367427d71f1d76c625968d095cdd75da2c2896fd0aca94ba4f7e48ec5c31bba4ca64e15e50d6ae5f435874ad3141e8d65343b034ca84f7e41

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
a42806a2b62156e88207b76796fe48d3

SHA1
4fba2781ed729eacdf14793ac36dcf8923fc0775

SHA256
7009f2806a9a96945cc31b0bcac20535542763ddfd30c5be1ef9e45b3be09698

SHA512
9250367d793d727a4c19779bf6f7609d808481632c7240eec2c0a0d36079cf4a7c9c5bc1d3c31a89b2f86d8d34463d8603856a1acb8f20b5c412eaedba5658a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads