430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
Size

55KB
MD5

9e8affcbe4bb3a40d209962b498cd188
SHA1

044daaddf74a9a1374390ca89d1044dc8b8ea652
SHA256

430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28
SHA512

ada47ebfc9f55abecc102293011efa826fa8966c7a7ecb31e917ff2873237e31dc3563607d7165a001f8159b61da62fd3ab9dd7eb248d1ce8fa497d4a22d5388
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2Fnj28/8q0N7AVn0N7AVp:W7ZDpApYbWjCDOgj28/8q0NQn0NQp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4879) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.Primitives.resources.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-2-0.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationClient.resources.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationProvider.resources.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp140.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEINTL.DLL.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.DataFeedClient.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLL.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.SecureString.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ReachFramework.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\WindowsBase.resources.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png.tmp	430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe

C:\Users\Admin\AppData\Local\Temp\430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe
"C:\Users\Admin\AppData\Local\Temp\430348f18a19114c9141ea927bf020644510a2f0a41fde722bba5793464bae28.exe"
1⤵
- Drops file in Program Files directory
PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini.tmp

Filesize
55KB

MD5
2546821d0f07f96c86384b57bf59994e

SHA1
435c4b6b0dc79039e40b6a116c11a75c56d0b98c

SHA256
db36de47590098ece9f80f3bbec220005604a106ed5653a64b81030c5efee493

SHA512
f6ffb98bc96c7f4281c1f6e799a4ed34b4844395634bb25bdd26711520fb43ab79eee7f4049ab34a91483c450057a96d91c0d4d5b5e76cfd5a12fdbcb85b94de

Download Submit
C:\odt\config.xml.tmp

Filesize
56KB

MD5
7d5ea582a2bbe678d192209a2144bf63

SHA1
d2964df805e835a0838a89727c05d1e4161d573f

SHA256
3cafc49b7d09d51cd61d289637f54cc6837e47d2b57d68b90e61605f7c89d89f

SHA512
4786df407c55b5375e20a8247d869c6f1b3c5620fd351127d81db84aa7887fea80b13b8e917d964b125a697b6acc0fd62e98d7fef6bf8f7fc850904f1ba14e66

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads