561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b

Analysis

max time kernel
154s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
Size

85KB
MD5

7e9bc660174e052e3c823403ff08bfcd
SHA1

4f88757eb4334c43f5a78c0034dcdd4c0300ed13
SHA256

561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b
SHA512

b7de6e04bc35679ec5ff573945c867b600847e87065cc9150fd2982a696f5eb05452b46eac1699d5c117e41f19a6053b386b8d5f4654f8b789202dcbfd149d12
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPO:6rWpcOPxPke+e3fFpsJOfFpsJbgEO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2058) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\coreclr.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationUI.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.XDocument.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\ReachFramework.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.DirectoryServices.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Queryable.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClient.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationProvider.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Resources.Extensions.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Input.Manipulations.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.X509Certificates.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationUI.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Contracts.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\WindowsFormsIntegration.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Design.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationCore.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.RegularExpressions.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationUI.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.NETCore.App.deps.json.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe

C:\Users\Admin\AppData\Local\Temp\561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe
"C:\Users\Admin\AppData\Local\Temp\561798ad3c61126f47ba4ca6da50e3abe8c3a5983d04d3ca323b1b672250cb5b.exe"
1⤵
- Drops file in Program Files directory
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-557049126-2506969350-2798870634-1000\desktop.ini.tmp

Filesize
85KB

MD5
8fdda664480ae46e92cd9646645260df

SHA1
da8b2d62380814148c6b5aad931bc123ef8e3de4

SHA256
060141f9d181877f99d03b50a318440ce1d60ee1f440aff56ac5064ec2053a43

SHA512
fa30265cce1221d935534b228d883aaac841b6baf5a8f77a11e3330f015b5dd66c595e661fe241496f086c77f65499e79791b1fdf8135baeabbfe31ef63318cb

Download Submit
C:\odt\config.xml.tmp

Filesize
86KB

MD5
d5cc590f39b4e426f20598bc27ef65bf

SHA1
2ad5a8cbfd3d89534568a44b1d695d47b7da6ae5

SHA256
55fb18316593652f01d26a280ee2973694d6ed1f23a2ff64a05bf8bfb78511ec

SHA512
b7039c3e8844f2b6cca20dcee74ec5d63a42d75bd965d7d849b8a3a15fdfb9d171df8d6fc152d0038a7ddba36e083fd57bf9cea3c1e02923912d2af5d2b374d0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads