Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system -
submitted
02/08/2024, 07:42
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
74784d76a6c7779926f085f0900395b0N.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
74784d76a6c7779926f085f0900395b0N.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
74784d76a6c7779926f085f0900395b0N.exe
-
Size
133KB
-
MD5
74784d76a6c7779926f085f0900395b0
-
SHA1
e57dd630821ebb6e2318b5c84433db23a9488a40
-
SHA256
7e4ea8b2cd57256e041ed5990246e2e842634a6a7888c9ec508eb11fd12ee2d6
-
SHA512
55969912f3213521978334c166f3a5d9472a0fe68f21ef95c03fd4141146d180a63da2302119b3f2f5662280106cd0ed097e53ab63e4291e204961dea34ac57f
-
SSDEEP
3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s8P43y:RqlIyFESWu0SWu2s8P43y
Score
9/10
Malware Config
Signatures
-
Renames multiple (4327) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\7-Zip\Lang\uk.txt.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jre-1.8\bin\net.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\7-Zip\Lang\ca.txt.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\d3dcompiler_47.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-PT.pak.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp 74784d76a6c7779926f085f0900395b0N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 74784d76a6c7779926f085f0900395b0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
133KB
MD571a61cad208ed8c88c0506b6871bdb90
SHA182cd4f5306cbc7f23122d87421423c2e2392543d
SHA25602448a509e7af3a7940e5cbb6b8444ec8036250a31c663fbafd35836e2023033
SHA5129f99b9b7167623453dd039135a030d65acb9f1873e2fb7ba1fe997b95511eb7b115b45e0647e3c9d43694fad6c648bf0f92b72b76d236ccc0497b8c7ca46d411
-
Filesize
232KB
MD58226a5f4e49c63682e933e121bc08203
SHA1b78dc7301a2ba1f6bcc61f4b3c85b6bdfedfd437
SHA2564efe1b40bc88262204b504502585bc46d7ff8d8f422abee1832a0d6e26b2e914
SHA5125d358c13725820b991bed92c260869d8270477993f7848a372e7f720c5205358f61cb1f70980cc80a9e51e65a7848246c3ee1fc2a797695913dc75fb986cf164