Analysis
max time kernel: 119s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-09-2024 18:23
Static task: static1
Behavioral task: behavioral1
Sample: f0adbc2ac967656d0e9ff90a4a6c9130N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f0adbc2ac967656d0e9ff90a4a6c9130N.exe
Resource: win10v2004-20240802-en
General
Target: f0adbc2ac967656d0e9ff90a4a6c9130N.exe
Size: 48KB
MD5: f0adbc2ac967656d0e9ff90a4a6c9130
SHA1: 6d1e79313309929a3ddf013e1326e3fd32b82604
SHA256: 89952e91d04a1ac393a8525c6f23a27fb810d39c37e425c9cde0ac3f90f66da5
SHA512: 37301a1958c31a4d5d15b78b3aa7cdaaa30d45f416d751dd0216dbdcba7118233a48f1977dbb800ff10fd3c45074fe9be7111b8dea923d65e03c75618f57e4a5
SSDEEP: 768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLmuH9uHVoX+OEiJfoX+OQ:W7ZppApBULcfpHLcfpyD9uH9uH28mW30
Malware Config
Signatures
Renames multiple (4676) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: f0adbc2ac967656d0e9ff90a4a6c9130N.exe)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 48KB
MD5: ba569b34143844c4328ac207f377b031
SHA1: a83e155c6f38caf4b8479c9362fccfd3cd23f1f4
SHA256: 761a2587dfe57826599ae748cfc81da1fb7e1d9e08e2a155b14946290a67bcd7
SHA512: cf1f731c264fda41f96eba56d7464a7cead4be1fff80d9623901d7db8b45c30550b72ee3371e4c9bf6d1ee16240e60148903a717645e4333054d7a155551d335

Filesize: 147KB
MD5: cabc669d8fad26974260c344b46f4399
SHA1: c076e8adc2e5c1e3687cf7104b486b4ec1ef165e
SHA256: b05711bce9f05acb862c74e11ac415a3700f4ebb348c6fe285a325be8d114c23
SHA512: 79aca444551dc64d8ce3a6da22a55eb80af21b90b0700e319ea4d2d4a5c4bf903bc854870ec6c0bf25d63d3203e1e1f200790e27a62e9669f675dcab5b508511