Analysis
max time kernel: 31s
max time network: 43s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/08/2024, 13:52
Static task: static1
Behavioral task: behavioral1
  Sample: 03cdd68e3edc02d2ffdc842c8f911b70N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 03cdd68e3edc02d2ffdc842c8f911b70N.exe
  Resource: win10v2004-20240802-en
General
Target: 03cdd68e3edc02d2ffdc842c8f911b70N.exe
Size: 41KB
MD5: 03cdd68e3edc02d2ffdc842c8f911b70
SHA1: 8f03f14ba5c03203eba83848c693afc03dfe290b
SHA256: 7d49f6c83e847e373bbe0d7be1d3bf06d92a39d4bebb0fc3cb086d05b9da9ebd
SHA512: 0131fc3b76012d0fc191c7de67aba1fb8d5af374ebd632a70a1187739e6224780b60fe33207200fa93018e1f641e3bbead1c97782f83b26a603e298d803ce21b
SSDEEP: 768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c53hmb:W7ZhA7pApM21LOA1LOrtkpt6ub
Malware Config
Signatures
- Renames multiple (1024) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
  Files created under C:\Program Files by 03cdd68e3edc02d2ffdc842c8f911b70N.exe (each original written as a .tmp copy):
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 03cdd68e3edc02d2ffdc842c8f911b70N.exe)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 41KB
  MD5: 365d5eebb4b95f6ffd51cf2a19a0aa6f
  SHA1: 87ead685c7838b438e80509c7379aeccc41e98a8
  SHA256: 51ce6dcacb0ed9e71a7dc05122d019bb0f536bbe62df99c1bfbf06820f46e9bd
  SHA512: c850a467b7e2c1c6c82af658cac3af0a2491febc04b21b01f3385c5369f154590f824755f911a24b19b7ed3c3120843152e36b078647ad2eaf4a1f07b05a96d4
- Filesize: 140KB
  MD5: 6df5cae081aff00fe6b59924d993afd6
  SHA1: f524d24bb31e4d323b93ed04fec36bae0eafffe1
  SHA256: 7059cbf3abb5f54bd3be0eb63de77430c7e908788a83ea19411ab520b6e07617
  SHA512: 03443ebff67cc3bc1a689e93634580f166419493674b1dadea4810acbd6382780ca245b817d40c0003a7f6a0f0c3cec1b1e9878de29c3aae63a1954b778f0267