Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
21/07/2024, 20:46
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0b5fb9e153f0cb537d28d10c842f5310N.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral2
Sample
0b5fb9e153f0cb537d28d10c842f5310N.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
120 seconds
General
-
Target
0b5fb9e153f0cb537d28d10c842f5310N.exe
-
Size
96KB
-
MD5
0b5fb9e153f0cb537d28d10c842f5310
-
SHA1
5122d5a47bb0305596b9a6b917a1c5cb4830f17f
-
SHA256
38cc9a10dbcc39bf2e656b01ab3bc7624d97ca818804b74e5e0399cc52735e99
-
SHA512
36e9839b86a2078e99a4b04450d559a418f2fbc0e10ada346507cbc5eb04036494d740122fbffe669980fc143fc597ffc2546971565f5daf68204bef56f844b5
-
SSDEEP
3072:6e7WpP9oVLQthbYY9oVLQthbUvRIWI83B1:RqAZIWIy1
Score
9/10
Malware Config
Signatures
-
Renames multiple (4185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoBeta.png.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ta.pak.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Common Files\System\msadc\msadds.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\7-Zip\Lang\nb.txt.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe File created C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp 0b5fb9e153f0cb537d28d10c842f5310N.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB
MD5a8ff9d7743dca155d41407dd6b3f0798
SHA18b87d24e8ddf3ba09a21b27ab0d3c95e57671b15
SHA256c40fc68e5fe59f43526cd357b469719255d5a84ed8a1e59ab93963faee29636e
SHA512f53ca90bba1f18b56a7970345c226b507bba5245250fc139d7a643ead8156a776a3249e12d2e2f7be839bcd956ba0feb9d5ea2b4bf7dedc32f6988d5ac459dca
-
Filesize
195KB
MD5fc1c28196a493b62358a5c9617ef6785
SHA1d7e8d7233197fab480c24faab7c00ed84f1ebeab
SHA256575a95d338eac4ddcd47f143df74aad4ec777931db2f1c9b9258435f6bf6ec55
SHA5127bb1a196b7d0f0b27a854a12a74f56ed724d122b528d49dc9625180e62257f2c7c4e3039c419a2d4cfb668184ad5698afe1e5ed6d86a062d8198b242fb604537