Analysis
-
max time kernel
150s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
18/08/2024, 19:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
01360f16acae47077c3a0028fc009230N.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
01360f16acae47077c3a0028fc009230N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
01360f16acae47077c3a0028fc009230N.exe
-
Size
48KB
-
MD5
01360f16acae47077c3a0028fc009230
-
SHA1
141a5d12f6881e767cb5c9a915d6f85511250a81
-
SHA256
fdf3b38f3f0a4866a01424634ccdfa1f40c06820348f60b001c00e7e0b7b7167
-
SHA512
91b51e9647b7e65d846ecd4323124a74957c0bdabe6ffea7e0dc91beae4f30eb3f0c383fbad909bc2e9759331751b7cd61a91c8a356d7dedcf2eda08093c23f1
-
SSDEEP
768:W7BlpppARFbhjbhg42LcfpR42LcfproFNF5/SnTVwnTVF:W7ZppApBULcfpHLcfpyDqo/
Score
9/10
Malware Config
Signatures
-
Renames multiple (5262) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\Wordcnvr.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\7-Zip\Lang\th.txt.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\itircl55.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp 01360f16acae47077c3a0028fc009230N.exe File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp 01360f16acae47077c3a0028fc009230N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 01360f16acae47077c3a0028fc009230N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
MD5f03a3f90a4f87f6da6676dd02273e1ba
SHA1728dc6ea0aa7f6e6e8b514da61ea509c02083a60
SHA256067ca1e5cb46e42f580e73c34c83a27a2b75fd42cd4a27f3ae7733eb0e30b426
SHA512c7aac1b272debc4092c1ba155c9fd47459c71b51d9ae125c25f71dec24cc4cb8789f4424ef447ce7bddeadca2e17a58f8570c2db72543153fbe2834a14ecc47b
-
Filesize
147KB
MD58a5218507d9b2a732838d3d99ace8d61
SHA1b08fc307d4dce48b760626518ba71cd0b731f129
SHA256c08c0a9326f6d09bbd14b2d5c5c619aa65b3240a29f3dbebc5b4356b7d825cb7
SHA512d94306e16b22e4d8156b173f670123673f741adb3d16c0c576222e45dd59a1fb8695ba325a92cf0d09414685bcd0193d89d0f7f15846fc3c00bfb559cfd7b3db