Analysis
- max time kernel: 119s
- max time network: 117s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-07-2024 12:50
Static task: static1
Behavioral task: behavioral1
  Sample: 984313da138671e48cc6e66c1a217350N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 984313da138671e48cc6e66c1a217350N.exe
  Resource: win10v2004-20240709-en
General
- Target: 984313da138671e48cc6e66c1a217350N.exe
- Size: 41KB
- MD5: 984313da138671e48cc6e66c1a217350
- SHA1: a8e58ae21c645fcfdf9a566fa4cba7032f4c7abf
- SHA256: 49b9a08be4550540b3270f5e33c2c7c2c1b82cefbdb4ce5f5a1cc3a33805510e
- SHA512: 043ec77706e8efce8c30222d929cf22a956b7c01f593f385f03ad705620216e6939d98683591178a1b3431fa7707de6727a512321a15c4406e8d4fa84959a5f0
- SSDEEP: 768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk03CnCn:W7ZppApBULcfpHLcfpX2/Nw/NwNus
Malware Config
Signatures
-
Renames multiple (4653) files with added filename extension
This suggests ransomware activity: the sample appears to encrypt files across the system and rename each one by appending an extension. The IoC rows under the next signature list only the .tmp files it creates next to existing files under Program Files; the renamed originals are not itemised there.
-
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.106\dxil.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\7-Zip\Lang\mr.txt.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Common Files\System\ado\msado60.tlb.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\7-Zip\7z.sfx.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp | 984313da138671e48cc6e66c1a217350N.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp | 984313da138671e48cc6e66c1a217350N.exe
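The two signatures above (the mass rename that appends an extension, and the spray of .tmp files across Program Files) are simple file-event heuristics. The script below is an added example, not code from the sandbox or from this report: it re-derives both heuristics from raw file events and parses the flattened "File created <path> <process>" rows into (path, process) pairs. The (operation, source, destination) event shape, the min_count threshold and the ".sample" extension used in the constructed events are assumptions for illustration; the report does not name the extension the real sample appends.

```python
"""Added example, not sandbox or report code: re-derive the two file-system
signatures from raw events and parse the flattened IoC rows.  Event tuple
shape, min_count and the '.sample' suffix are assumptions for illustration."""

import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

PROGRAM_FILES = PureWindowsPath(r"C:\Program Files")

# Three of the 64 rows above, in the flattened form the report extracts to.
IOC_ROWS = (
    r"description ioc Process "
    r"File created C:\Program Files\7-Zip\7z.sfx.tmp 984313da138671e48cc6e66c1a217350N.exe "
    r"File created C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp "
    r"984313da138671e48cc6e66c1a217350N.exe "
    r"File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp 984313da138671e48cc6e66c1a217350N.exe"
)

# Constructed file events as (operation, source, destination); destination is
# None for creates.  '.sample' stands in for whatever extension the real
# sample appends, which the report does not name.
EVENTS = [
    ("create", r"C:\Program Files\7-Zip\7z.sfx.tmp", None),
    ("rename", r"C:\Program Files\7-Zip\7z.sfx", r"C:\Program Files\7-Zip\7z.sfx.sample"),
    ("create", r"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp", None),
    ("rename", r"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe",
     r"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.sample"),
    ("create", r"C:\Users\user\Documents\report.docx.tmp", None),
    ("rename", r"C:\Users\user\Documents\report.docx", r"C:\Users\user\Documents\report.docx.sample"),
    ("create", r"C:\Windows\Temp\trace.log", None),                                 # outside Program Files
    ("rename", r"C:\Users\user\Desktop\a.txt", r"C:\Users\user\Desktop\b.txt"),     # plain rename
    ("rename", r"C:\Users\user\Desktop\c.sample", r"C:\Users\user\Desktop\c.txt"),  # extension swapped, not added
]

ROW_RE = re.compile(r"File created (?P<path>.+?) (?P<proc>\S+?\.exe)(?= File created|$)")


def parse_ioc_rows(text: str) -> List[Tuple[str, str]]:
    """Split a run of 'File created <path> <process>' rows into (path, process).
    Paths contain spaces, so a row ends only at the next 'File created' or at
    end of text; the process name is assumed to be space-free and end in .exe."""
    return [(m.group("path"), m.group("proc")) for m in ROW_RE.finditer(text)]


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the suffix when dst is exactly src + '.<ext>' in the same
    directory (the rename pattern the first signature counts), else None."""
    if not dst.startswith(src) or len(dst) <= len(src) + 1 or dst[len(src)] != ".":
        return None
    suffix = dst[len(src):]
    return None if ("\\" in suffix or "/" in suffix) else suffix


def rename_with_added_extension(events, min_count: int = 2):
    """'Renames multiple files with added filename extension': count renames
    that keep the original name and append an extension.  min_count is an
    assumed cut-off; the sandbox's own threshold is not stated in the report."""
    suffixes: Counter = Counter()
    for op, src, dst in events:
        if op == "rename" and dst is not None:
            ext = added_extension(src, dst)
            if ext:
                suffixes[ext] += 1
    total = sum(suffixes.values())
    return total >= min_count, total, suffixes


def drops_in_program_files(events):
    """'Drops file in Program Files directory': creates under C:\\Program Files,
    bucketed by the product directory touched.  A sample spraying .tmp files
    across unrelated products (Office, dotnet, Java, 7-Zip ...) looks nothing
    like an installer writing into its own directory."""
    per_product: Counter = Counter()
    tmp_files = 0
    for op, src, _ in events:
        if op != "create":
            continue
        path = PureWindowsPath(src)
        try:
            rel = path.relative_to(PROGRAM_FILES)
        except ValueError:
            continue  # not under Program Files
        per_product[rel.parts[0]] += 1
        if path.suffix.lower() == ".tmp":
            tmp_files += 1
    return sum(per_product.values()), tmp_files, per_product


if __name__ == "__main__":
    for path, proc in parse_ioc_rows(IOC_ROWS):
        print(f"{proc} created {path}")
    flagged, n, suffixes = rename_with_added_extension(EVENTS)
    print(f"renames adding an extension: {n} {dict(suffixes)} -> flagged={flagged}")
    total, tmp, products = drops_in_program_files(EVENTS)
    print(f"drops in Program Files: {total} ({tmp} .tmp) across {dict(products)}")
```

On the constructed events the rename heuristic fires (three renames, all appending the same suffix) while the plain rename and the extension swap are ignored, and the Program Files heuristic reports two .tmp creates spread over two unrelated products. The parser relies on the process column having no spaces, which holds for the rows in this report; a process path with spaces would need a different delimiter.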
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 42KB
  MD5: 8c260f4791ded8d294cd478605a7d390
  SHA1: 3bdb5835b43b94208f3d36e66f9cd1fe6ee9b855
  SHA256: a2db333cde06147bb28920f96f7e0c2bccf36a6a801b19a08a08ad40b9f58895
  SHA512: fa1b184fd980a30a7e11b286c3aced867ef6537fe86fcd55eb1aa0d316cc932858bea3516f8ece84f7418130e8cca656bbaa8577f6d75626ffb7f9434ff399d5
- Filesize: 140KB
  MD5: 025940fc03bd7a79ef2222d6e4ed929c
  SHA1: 8fe57b0cfa8a5485d0d5b1a98da5bb21200bccaf
  SHA256: 480ec2539cc35492b975fef28e8f281ba6cec1d5a03b594f3e95bf9dffb2d864
  SHA512: b2aad5f9c5762f646d26d150951e64a705d70b58dd0ae7a0290d198dbc55a29893cdbae28f969be05cdb9a8d27bc9ceb7abaf9be48f1dc05b6a74ebd216fbc53