Analysis
- max time kernel: 120s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
- submitted: 19/08/2024, 08:44
Static task: static1
Behavioral task: behavioral1
  Sample: 878f64c63478a3e218fa76a01639ca90N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 878f64c63478a3e218fa76a01639ca90N.exe
  Resource: win10v2004-20240802-en
General
- Target: 878f64c63478a3e218fa76a01639ca90N.exe
- Size: 64KB
- MD5: 878f64c63478a3e218fa76a01639ca90
- SHA1: 084d731ed974eab83340264fd9e5f5c689d5dfaa
- SHA256: 3fead86e234f70ffa7943a530f25a670359729a22a760159dc57cf5e9dc3f3dd
- SHA512: c3b347c6dc4643f6465217dddd7a725e8f6f4f60f69f7742bad2f2c9ca4eedc8968e2675a6752b8d71223a8a101f50c017bed7bbce0db5d14398633c2b71db58
- SSDEEP: 1536:W7ZppApBULcfpHLcfpX2/Nw/Nwmx+BlMBlX:6pWpBwchcV2WxglulX
Malware Config
Signatures
- Renames multiple (4640) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
  description | ioc | Process
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\7-Zip\Lang\mng2.txt.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\FA000000006.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\7-Zip\Lang\fur.txt.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
  File created | C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp | 878f64c63478a3e218fa76a01639ca90N.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 878f64c63478a3e218fa76a01639ca90N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 64KB
MD5: 273d875ae111e101e89d296d01ebfc2c
SHA1: a401c20c552011e0d1592413e63e3d7ea1dee610
SHA256: 6b6ed70a9dd7628c1a058645d86d77d2e7e6a61b0a01396749a829737ff8d539
SHA512: a946a7dc52ff11698968cbb306aaba1bf2230c94c871438047f917508e60b0dea80562eea12d64d375790be42cfd62604e32041e84f67c439932f719fe500275
-
Filesize: 163KB
MD5: 94bd38bca0360796b1c2ac59377cb771
SHA1: a27e4217a001e8484f63d7030d7b138d3ba729f7
SHA256: 0d2676ef4c4fb816ae123166d85b34f356f0012849e91a68a0d2416e30064fa0
SHA512: 48161ff61f53d1869757807aad69cb4553e62653fe84be73c61702dc13a172fecd6cc449533ea61cb0b2435968bc146feb87537ea9a2df425f984d5456bacb72