Analysis
- max time kernel: 120s
- max time network: 96s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-07-2024 05:17
Static task: static1
Behavioral task: behavioral1
  Sample: 8c85796abb048d98520590cefdfd0ed0N.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 8c85796abb048d98520590cefdfd0ed0N.exe
  Resource: win10v2004-20240709-en
General
- Target: 8c85796abb048d98520590cefdfd0ed0N.exe
- Size: 79KB
- MD5: 8c85796abb048d98520590cefdfd0ed0
- SHA1: 95ddcfe6526fe3525d2ce1be769853f9fd7f5c17
- SHA256: 1964326a5b6162518802e4d796b7880b31ef54a1afd4f7767446c8f3a9b2b287
- SHA512: 2fdb6e99ed14858d423c1c77f3b86d8c438bd16096ac5ca655a632cfa51d40e061649fcd5d80cb344ffde7394947b956f397de0ef325b9eb38875e432fcfec3d
- SSDEEP: 1536:W7ZDpApYbWjIoPyPoLzV7c6Sh1Xe1SA1S/:6DWpboAo/
Signatures
- Renames multiple (4644) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops files in Program Files directory (64 IoCs)
Downloads
- Filesize: 79KB
  MD5: b635b4c947e5d60d1ddc8712fab41eda
  SHA1: b622ede8f079a0b8a3fcd605841c648414d7e845
  SHA256: be6e555f3364252b7a40e9042a89cab073507a182f7b0e62f4b75123c2562678
  SHA512: b270ee156fda47efa8ad27150f65d4efdc1286532947c9d24970de07df6f9d5c6c628573c947ae6b356524b032e0271b9d3075e7b2fb466791f74d82320fbbe2
- Filesize: 178KB
  MD5: cf1f83db9c426fe4848eaeebb943a203
  SHA1: 1bd49c022bc5b123e060737c77e5d74cc901718d
  SHA256: 5cf8b1c38a97610cba6fc3c66485c65a8bdf2f45330ae3eb3963cc25b8907520
  SHA512: e72d56b657d0612d9e2a0b1dd9998b8f71f8f17308974c6db2da7c7e56a096cb65a035907c394b49667b564c773ac453782612be285c82954f77d877b543c303