5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
Size

244KB
MD5

c24389c33bcba5c0affa69178c80feca
SHA1

ae2fa95372bb4d5f2d108b01d3fae5f8e5cbc4fc
SHA256

5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef
SHA512

616a8f1767605d43d08c53ad622d3838caefc38c5f41da774858d1574a2b1cf441e42e32fb2cd5888c7bb0ed20bb29de5c8d83dc80a425cf3e37b2c31e090821
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBe:PqFF2Ke+eDJ2iaNSCKSkl3U73PU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsBase.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationClient.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\CloseDisconnect.odt.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Primitives.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Csp.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.Messages.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.DiaSymReader.Native.amd64.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationFramework.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsBase.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Input.Manipulations.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.FileSystem.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\WindowsBase.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Ping.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Forms.Primitives.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Intrinsics.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\ReachFramework.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Loader.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ObjectModel.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Design.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsBase.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Accessibility.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationUI.resources.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemData.dll.tmp	5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe

C:\Users\Admin\AppData\Local\Temp\5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
"C:\Users\Admin\AppData\Local\Temp\5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe"
1⤵
- Drops file in Program Files directory
PID:5100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3045580317-3728985860-206385570-1000\desktop.ini.tmp

Filesize
244KB

MD5
88d2b911f73b4770ced828a0dd024242

SHA1
ea0b0a8cdc9515866620a5fa9ee24ddae6e4a756

SHA256
046cc2d918d4ec8be3673867944db2805ff87ce7df4b9f82210a1f9e8fd1fe7b

SHA512
0224e279b6b8d873ac84bb2bf2c4dcd74516f50642476f3e6f35a3dffb1ee0a03e8d3599a57137a89ceac90c397ab91cf5d8a4227f6cb5f1de85ad22c8537014

Download Submit
C:\odt\config.xml.tmp

Filesize
245KB

MD5
7999e70c5a8da92f218513967428fb38

SHA1
c36d2b2ca1ea8ea0ab66e53245e531a61079117a

SHA256
abedb016f69831f45c2fcdbe78575e60566db9b03b85bcaefb64d1649376ab62

SHA512
bb2a6d870139db38e4f20f6d2fd21f007a0fce192eab29357b2f0052143c2eec2ea35df6599bc8ced5afadbb4f1353e9fde77a3e0b09d3c97469b6e2f2ed3ef0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads