Analysis
-
max time kernel
119s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
18/08/2024, 22:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
98ba717e93a15e570a41107292d78ac0N.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
98ba717e93a15e570a41107292d78ac0N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
98ba717e93a15e570a41107292d78ac0N.exe
-
Size
58KB
-
MD5
98ba717e93a15e570a41107292d78ac0
-
SHA1
8d39d69015403dd2daf18c819bb3d8e675fd37a0
-
SHA256
e02ea5b8bb7322a2a966cdca849a1c744fede1e39da13f233ca8cfefb2a6f9fd
-
SHA512
8dc3aa4a9cf71e8585dc912cb9fde67b3046e04033edd5d4adc442b2c6380d559ea758a05ef6cb67c6c0a096d9e15ec5a64415e5a3d23bd365d6f1070b4dbec5
-
SSDEEP
384:yBs7Br5xjL8AgA71Fbhva4S04ST1zfXz1zfocuc7WR+Rq:/7BlpQpARFbhS101TZXzZ1WRyq
Score
9/10
Malware Config
Signatures
-
Renames multiple (4615) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-US.pak.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ru.pak.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jre-1.8\release.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\7-Zip\Lang\pl.txt.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\uk.pak.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp 98ba717e93a15e570a41107292d78ac0N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 98ba717e93a15e570a41107292d78ac0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
58KB
MD54f5cf71b29a1082420061e7f029b9dd8
SHA11c531b7831bca619a5c81ca9512b9c30db6ad010
SHA256f6ffe664073eba3298719861a7ad26618a4829a717b3cf4b52397ccbab73bd82
SHA51278d76bf3d28ed2b4d8a47abcc2fa16410ca09d1476239b08e600c5973f640c8505b3fbd49706136c6d10e17c8a174beb53d3dcdb6384a210125c45a7319514f1
-
Filesize
157KB
MD5896bb9ba1faedabce2ba6ce1c58abdf6
SHA160f093e4c692afd8b8575fd0174a4dbfb38731ef
SHA256c3cc12443c9e7e07d8b892c2a3dc15d3901ccb012518a51d52af4513da7925bd
SHA51238401df3dddcf9c196264df7035a42dfbc1a5256ce0b95e6a5a13655e4befc17f292af936e99e4f8abfefa1b37a2ec9d9d5fd8459a02d01f9bed89300d605564