cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
Size

62KB
MD5

4f71d7c9a9eb2cad726e77ce90b21816
SHA1

28e94ecb9e1ba0df84c2487cee320ff02cc5d2fa
SHA256

cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e
SHA512

c7f814e6b5c854cc50fccc135e9f4f66e4cdef66d6018dae34d3205301d9fc63b58635a9bdcf77c4dff86c470bdfd498aac07f846837b9cdad627ee41d54cbd7
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tL:6e7WpP9oVLQthbYY9oVLQthbUrt7tL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2322) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe

C:\Users\Admin\AppData\Local\Temp\cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe
"C:\Users\Admin\AppData\Local\Temp\cdce81a4e67f0a0f5d3487a80a9af00d79a96000ea81de328d79e99fd315bd2e.exe"
1⤵
- Drops file in Program Files directory
PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-776854024-226333264-2052258302-1000\desktop.ini.tmp

Filesize
62KB

MD5
c1fdc938a97db8b166b2cee21cea0011

SHA1
d561d88437aaaaa039cf06768d679c34f2972f02

SHA256
618fe8ad8f1e63924f71227bfab4a483f6ea529cfefae61bdbd36551f6154822

SHA512
7b9e6c51b2986b6b5e2bb360313c41027e0f829518cab543e3fb89ef1adcbb69f5c02ad944135292f98fd2762c3ad8d0aae7a5215f5eb36d059dc64252169ce3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
161KB

MD5
8e463cd7fdf82668d46304fc14ed3a3a

SHA1
a04a561c99a9d75bbd65164eb5907a3f7bd8c31e

SHA256
25ef594c726f7e534bf65a953de5061f2f4f2b5b26f8570620d7e21ef27af55c

SHA512
effc52333592c3df7a9173489ad14ec40ca22d87145c1bb95b1bcb9dbfd4af991745bb5705adc0b3568317563a34bf63e5a3ef690e3c028e246d5f19ef3c7f49

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads