Analysis
-
max time kernel
120s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system -
submitted
26/08/2024, 00:34
Static task
static1
Behavioral task
behavioral1
Sample
05be807cd584cd3654140e76d209d7b0N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
05be807cd584cd3654140e76d209d7b0N.exe
Resource
win10v2004-20240802-en
General
-
Target
05be807cd584cd3654140e76d209d7b0N.exe
-
Size
95KB
-
MD5
05be807cd584cd3654140e76d209d7b0
-
SHA1
17e4d2facc04bde59d2dc561de2cec99ebfe771c
-
SHA256
a9e0d682f91b3937e524c4b14b23e0cc1d3e6a87a564b1dac9c426e4a841e357
-
SHA512
920dbcdb377807f979aa86f182f0b7d92edbdb2b27e09871c821655ba0067efe575828cf834984e6d942f039b89946bb762a0a6a99665561291969890ea90a85
-
SSDEEP
1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggyaRjvmujvmRzqzlmJgwmJg/Svqm3Nr:6e7WpHIyRF9ESWu0SWuDm841qm
Malware Config
Signatures
-
Renames multiple (4570) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 05be807cd584cd3654140e76d209d7b0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
95KB
MD5
2c182eac2a843d77dc9b918cf86b7e00
SHA1
993cfad5b3d9268ee46d3cb653fa1200524ca85d
SHA256
5b4df66beafb7ad7008f353c17a77aea00dc30f809f9a9331826dfba679beefa
SHA512
1b10773c73db532d26fac3b86949dbf0b62a2d4385a3975a3550a1042e886f9b3cec7e4dc5faee11f8d5469362b417f6a351bc8e58e0f69fb09d2351db113fdc
-
Filesize
194KB
MD5
a14342c8caf3ee373c3586bbd12633ea
SHA1
b00876d410cb1196fdc73c6d8bdb5f62f343bd3d
SHA256
dca07e854e420ceac6610282092397fed8c509b1700f6d3f423cbbf78cbdc27d
SHA512
0fda0ec14c50e8328c256843746a42cb2125a52cc9a648bf7bc5ae4aa058f9f6fe3a84ca02f13c6a7e658196036f9230e497a70038da45ec684e3f9310af79df