Analysis
-
max time kernel
120s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
28-08-2024 23:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
787e6e769cd979c95a36ef15b9a0c540N.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
787e6e769cd979c95a36ef15b9a0c540N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
787e6e769cd979c95a36ef15b9a0c540N.exe
-
Size
194KB
-
MD5
787e6e769cd979c95a36ef15b9a0c540
-
SHA1
2d55887261a282b8eb77e09fe783c0f595a196a6
-
SHA256
145d4a7abe64e78ae5674756875f606ce3ce788c94d72913e28b2fbcd2c1ba22
-
SHA512
66a9d88e31087522a38b268eaf4b8e0d285faaaa5483569beaf5ef8970ec1f4f548bb775291a55876a9d16b21b774eebf41acc888bc35028fd20eddef357c1c2
-
SSDEEP
3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkg:RqKB+tOkWKR0iJ0lTzkg
Score
9/10
Malware Config
Signatures
-
Renames multiple (4103) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\7-Zip\Lang\ky.txt.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp 787e6e769cd979c95a36ef15b9a0c540N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 787e6e769cd979c95a36ef15b9a0c540N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
195KB
MD585f660e64e2c0d9f5cc911dae97d3239
SHA1842d7bbc2fefe261330df70829694b1d20720bf4
SHA256dd62cf9bc92a9f19161368c32d42fad959edad3e36d2810ab98d766912a74e44
SHA51268959d4f2148e82b7a75241c2053676dc056c0ea295ac65cb7964add6482b2b8bd240ac759fb282b9be8fa95b5f68cb6b456b9e27760713203ee2a0a378cd831
-
Filesize
293KB
MD5dbc5ec445d222961feaa96037c6e1078
SHA162262edc6c7667623671d3330dbb85bd969b9076
SHA2564966559d5ebf77b23f45cfa382e5f674a8757ddd42a1e6d4a143c5b6367101f1
SHA512c05e33e21aa2247ddd1bd2a5dffaa4d9588eff92ac0602950468af467d88dce1e5239464882a34b67d45963571bb8c6cc38f52a5c2045a103ed30a6a0d8b2cef