Analysis
-
max time kernel
120s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
25/07/2024, 11:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ca82078e00547af34b7df428f10d8bd0N.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
ca82078e00547af34b7df428f10d8bd0N.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
ca82078e00547af34b7df428f10d8bd0N.exe
-
Size
55KB
-
MD5
ca82078e00547af34b7df428f10d8bd0
-
SHA1
280b0773df8543683c3b46e1d2d807b057b45749
-
SHA256
34805b70e8a45d039ac77695b0c207057088bcfff4e3f5a345b68b1f341ddaee
-
SHA512
612b0aaaf8096d385769d947109a375702998ae45473301f34f0034ce5756622a3caf62ef6e72289ccead6958a7e132094296cb305e1b9200dd31d11cea6a181
-
SSDEEP
768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/4:W7ZppApBULcfpHLcfpX2/Nw/NwmxP
Score
9/10
Malware Config
Signatures
-
Renames multiple (4205) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\7-Zip\Lang\io.txt.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\7-Zip\Lang\fi.txt.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\vi.pak.tmp ca82078e00547af34b7df428f10d8bd0N.exe File created C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp ca82078e00547af34b7df428f10d8bd0N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ca82078e00547af34b7df428f10d8bd0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
MD57de372ed35bb21f6bb32751a3c8c1d9e
SHA1a3e849e367cc86e42cb0f370b8a08a434c22f18b
SHA2563d2a04c848370bd95d945b90fcb569c990c46788694d56c71e811ab170d31ab2
SHA51226c7df629a712c0bd52893dec23017628eb7fceaaabd8c7faee87159512292b801e4c19f0b6bb04878d58f058901a665d8e2cd5963a41a963fb1488b4c364121
-
Filesize
154KB
MD553bbabcd0282eb46a2df4186df04f08b
SHA1d5734d9b2dddcf34640a16b4a0c08f4b4a07069c
SHA25609a0d1aada04c62dab4b9c628c53dceb8ce1f1b6c3dfb6cde46a6dea552af78f
SHA512548b6e74a6d9f0eb1e59e9286d2a4797f57feeb13496ba133d03f47cb72f4ddfa227911f138fa355ce53f597ddaa9adf5704e82f5a587936e5d7d87ab76e1588