486fb689a71f94fabe0bb470513638e7aae120349917bd480a56852d932686ee

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2023 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57e2b4443e3ae17d48c1664b70de1730.exe
Size

203KB
MD5

57e2b4443e3ae17d48c1664b70de1730
SHA1

4e3ea315689938b66b93e4a9058ffede91c2a52f
SHA256

486fb689a71f94fabe0bb470513638e7aae120349917bd480a56852d932686ee
SHA512

5f3b602a811602c0db338b2b247cebbe74f66838d005ba6b7dae066d4b1e4140aa44e271d18f02ebf06a886c2d2dd030bed550c1d5162bdf97e93fc7cb885db8
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeIaCgx+qsaCgx+qswPNPz1Z:W7ZhA7pApaX0aX0wPNPj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2271) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\ConvertDismount.wma.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	57e2b4443e3ae17d48c1664b70de1730.exe

C:\Users\Admin\AppData\Local\Temp\57e2b4443e3ae17d48c1664b70de1730.exe
"C:\Users\Admin\AppData\Local\Temp\57e2b4443e3ae17d48c1664b70de1730.exe"
1⤵
- Drops file in Program Files directory
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-177160434-2093019976-369403398-1000\desktop.ini.tmp

Filesize
204KB

MD5
1c2d4e3f039bd80a3197f0afd2f22400

SHA1
b6c6d983318da6dd4156aeeb91851ec272776d8c

SHA256
55017ae3a386f9e297898f601fd08ae67cf25e7429c8c9a7efc67a19d3062d02

SHA512
465728cf31fbdef7b19351dc7f516bb50a136f16c08c707a7b3714a90b88ff7ba2883bb2c28cf8508166889f271fd757b1d654c082f3312c1377415d8139cd00

Download Submit
C:\odt\config.xml.tmp

Filesize
205KB

MD5
3c0ddc5f97d47015969656e31024abbe

SHA1
150de456f8bced60f2665c2c9c34b6d15cdf8c3b

SHA256
d26213cd992f88db5c7970594375b9d75200c19568869d62ce223f865c78f08f

SHA512
b940b5f96b42bd5bd9c77c22dcd6225503373e49d8da633a4c8ac1fe2b18b7daacc7bc5875bfd8ed4a9aa3d4fc84783fc8381151335debe713c25534be9e8265

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads