53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 21:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
Size

61KB
MD5

f123864e2821edffc8d0137745fae6a8
SHA1

9fbf5a9565994082d222979de155d03e545a0372
SHA256

53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9
SHA512

2df4df0ef45a0bf7af1626ddb5bd05ffdc789c388ed74f8c079076d2db1f6312bbd32f5e56f81edcde3ebf000fb27d644a3d97c42196af42fba2b14b42f09566
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+Vu:6e7WpP9oVLQthbYY9oVLQthbUvu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4819) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Resources.Extensions.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Thread.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Xaml.resources.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.NonGeneric.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAB.TTF.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.UnmanagedMemoryStream.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Immutable.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.resources.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Overlapped.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationProvider.resources.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MISTRAL.TTF.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-time-l1-1-0.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Xaml.resources.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.Pkcs.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.CoreLib.dll.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE.tmp	53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe

C:\Users\Admin\AppData\Local\Temp\53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe
"C:\Users\Admin\AppData\Local\Temp\53164d65702fb2f065f39976b912d526612a0c1a388748f13c8acc86f83c96b9.exe"
1⤵
- Drops file in Program Files directory
PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-983155329-280873152-1838004294-1000\desktop.ini.tmp

Filesize
62KB

MD5
4059a39c5b0b67407f90c658cc78f32d

SHA1
52ed8e76700702691543aab57072091a38dac96b

SHA256
8cb9c2692c4b90cd73bc9c08d87b4c23860e04c3d8d9ba4b6335d1fa9d34023f

SHA512
cec047056800e50fd6c94116994c71649b7d6e1a50ef5003feed53dfad7ba02fab7299326bbe2ce596e62e3900147e800bfa8fe8f48e9dcc391b08df0427a204

Download Submit
C:\odt\config.xml.tmp

Filesize
63KB

MD5
6fec5f7fb4940e529b8cc119eaf0face

SHA1
3d84010b7962addc8b9f407241e4a36901f5e79f

SHA256
70a1ffc22b6bf8f9dc621e44a56aeb74dc6fb1302b30689c46d592fc43f53d4d

SHA512
1c6f3b37d718833f8829e079366062c7f2c36d2048d5e6d53184ae844fc015d7f4f430170f36c8144120d8f75a934e14f0a5e962ff3b3c32ba5dd22b3cecab30

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads