d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
Size

69KB
MD5

fa8295654fdca9b7693284dc059e0a31
SHA1

827bf98545fe6d4266acd7db7229bdbf58a8f838
SHA256

d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e
SHA512

eaf2538fcee7ab27c17ccaf1a624979282982cabca0244b6e93f2e98c7c27c8cc824d2a015aa0deffe90bdd2db2354e2c501e4d7069a6b7b7ea2ea41e1ca4a19
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tf:6e7WpP9oVLQthbYY9oVLQthbUrt7tf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2295) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe

C:\Users\Admin\AppData\Local\Temp\d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe
"C:\Users\Admin\AppData\Local\Temp\d6d4006ac14f1451d97039e14597a043f43bd42bd5f22ba13cf277bdf912a65e.exe"
1⤵
- Drops file in Program Files directory
PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-776854024-226333264-2052258302-1000\desktop.ini.tmp

Filesize
70KB

MD5
19099f6d1a023aff0f551cde531d4a3b

SHA1
02bcd1eb81ba2fdd18563e99b90868c5ed04ad43

SHA256
4edfc6776ce60a1663a3fed85023ae305863247f5663df1ffa3a972e0c03ffbf

SHA512
05a4b6652370db2b1b59c1f5e55071212dd4271d79055e939d860f0ee9d69dbcf8826a4977784be92237f5f5cc64a65d7a44ddfef8d80c6070e3fc74cac66ee6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
168KB

MD5
20f24cbb34cdc199e4a667fccf816566

SHA1
911005c32cfe469332f4c72c749f3b4f742ad8b7

SHA256
a002fefb300c273d80e7b3b0ba653288a2094c96d9b670e786005c6e69300931

SHA512
215c4ec1f489bc779260e0d174ae63c5c23a41335cf530718886a27a2e5ca4276cdd69a6492fcfd15b7501925ef10949715ad83e9be33e2305dc1994a8a0dc05

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads