ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
Size

102KB
MD5

4b85607eb8cbbe7174a6f818b6d0d6aa
SHA1

85a75df5a2ada1d719a64f4fd89e90b25c0be628
SHA256

ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735
SHA512

04970d1156ce7f6d9b42fedd1abaf189f0a0543374ca6107e72ae95c8bef0f41c52f735ac88b768c7d61e8f4b3650ec1fa7723a9f5595c68f08dca93b8e35466
SSDEEP

1536:W7ZhA7pApH1GYSiHYSilWj7ZhA7pApUBENRe:6e7WpoYvHYvIe7WpW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\.version.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationClient.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationCore.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\ReachFramework.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.StackTrace.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationUI.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\ReachFramework.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\PresentationUI.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Parallel.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.AccessControl.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Primitives.resources.dll.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe

C:\Users\Admin\AppData\Local\Temp\ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe
"C:\Users\Admin\AppData\Local\Temp\ba2f6c8b976e8ac69cd5785cb19a05ebb1fdbbf8c0ad3617d9cb4bff43d9e735.exe"
1⤵
- Drops file in Program Files directory
PID:3956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini.tmp

Filesize
103KB

MD5
eba45c179040dfc0407c27301fd518c3

SHA1
35753578fd7070bbdf9b350e97040e6df293d95d

SHA256
303bb452fd2e41082cbd5334289fda9af094c41bcd01143b483f13c6b75c52dc

SHA512
babf313ba60c313a1d5ba50b76911f4b4d1277edb75b191e8d728a93efc56a1ee735577711e895248cbd01e963ea44d370ab66ceea2374bfe74e1552b126b499

Download Submit
C:\odt\config.xml.tmp

Filesize
104KB

MD5
c9e57dcb2cf939ac5bf26114f6882280

SHA1
fb0dc8f4a1f4e4c2d8e282637c23e1efd4b1569b

SHA256
868130605395bcf13ebd75bc5e0758960ef5d05b315c7b147e65ea4620808950

SHA512
701bf97115750193b5b7a7f53f966c11e8f0c947dd5314f63ca87405c919ee9d355bfd6cebd03cc30c71edc07068dfc73db49fbb19b29e1cf45ee76048690eab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads