3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 19:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
Size

58KB
MD5

f8835a531dcc373b6345573a9b8beeeb
SHA1

b31786fac10f03f6d3942e16d7188059c2639a7b
SHA256

3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb
SHA512

153ec9e7676f65fa37168a8f063f638f268dd56e167a0fbc0339761c94c8cb1928b4926e2f3e3a1493afa187d0b2e641bdab00f290975d7077fd9b59545e9b51
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMnwT:6e7WpXYvnd7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4911) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.boot.tree.dat.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ExpenseReport.xltx.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.ZipFile.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationUI.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\itircl55.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Xml.Linq.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAME.DLL.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.OpenSsl.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe

C:\Users\Admin\AppData\Local\Temp\3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe
"C:\Users\Admin\AppData\Local\Temp\3ae07649860341c7d8ee1a2ae8aad027efaf73638a5299dc5560d1263e75a0bb.exe"
1⤵
- Drops file in Program Files directory
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3270530367-132075249-2153716227-1000\desktop.ini.tmp

Filesize
59KB

MD5
cabb23c4dfbd0710741a155b40e3d404

SHA1
46e6f20dfbfc1c88bc3cd1e9e9e8295aeb754ce6

SHA256
efa9d5398373f307c09fb4e30b5fcca5b02ce81a3a4f6251e24b13351f87c2b8

SHA512
9cd45b8b3809e5964541d198f80f7d0007d52d59591047b1fb3aea51a76d5b63bd8ffe272717ab04f95fa91735d1d9fd46500540870e237ae731f8e6a781a415

Download Submit
C:\odt\config.xml.tmp

Filesize
60KB

MD5
90509efbfc6735807cd530f049a1379f

SHA1
02b46865b19f187e2c3f032a8aad4dd73fc557fb

SHA256
cefd0c59c5f6563092fcaca793f40f0c744b9713865aa4c5488672d0de3737aa

SHA512
2dfa2cc0bf85634dcbe91cd7bb6595ceaa676f4af31ee693c11d8f036a88d9f5469f3d11c124436af40919c563bf0b3f0252df3b89eec8fa2d675c213d04091f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads