Analysis
-
max time kernel
120s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02/09/2024, 03:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
eaa7d273b4394bc5e55117d634d11370N.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
eaa7d273b4394bc5e55117d634d11370N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
eaa7d273b4394bc5e55117d634d11370N.exe
-
Size
80KB
-
MD5
eaa7d273b4394bc5e55117d634d11370
-
SHA1
78b56ae69b25baa1c71cfc614c3af232b29db5ae
-
SHA256
67a60b78ad84afe76010f1880dbb087f11a2d0d24af4eefb718cb74819db7dff
-
SHA512
fd6b083fcb2eab0158c4bf8083f6863798e995a49bdf24362fcbf2032c0fa07859bf2e042e584d5061c2b3e319da5b4a33b252a75477f2acb6e17574ff5d417b
-
SSDEEP
1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlsgu:6e7WpRaSlj+gu
Score
9/10
Malware Config
Signatures
-
Renames multiple (4538) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Internet Explorer\iexplore.exe.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp eaa7d273b4394bc5e55117d634d11370N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp eaa7d273b4394bc5e55117d634d11370N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language eaa7d273b4394bc5e55117d634d11370N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
81KB
MD59fdb7a2be0af9198a037da3f8d22a3af
SHA1a3f1576757239958223f42517ae8141c208d23aa
SHA256fd474d24aad794f63320b5303609ccd4ee0939718c2c6d01e9d20cd7ccab1743
SHA512f2edeb50a1affbf65642510c7f0bc68770b94e04da36ee3773371805824abbd92fbcc3472326b26f228d75a69b97958b2bccd51d48491de240b29cd982de0a7a
-
Filesize
179KB
MD5a8c6cf33f977ae75b13821778129db4d
SHA1982cec7b8b2ffe987b825c69d97703ad94069366
SHA25622ed68e107792e04e131e03c213d49d48f6c15a2d1d679b2ba17161e79a719de
SHA5121f63bb54270461ad9debbbca43574905aa3dacc2043c337e1bcba2384fcbab00d595218e07fa96c352a571fe955763939d9a679b3f9a61f0de816edabdc05565