7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa

Analysis

max time kernel
150s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
Size

95KB
MD5

ceb51660802e0b4bcfeab2bec78c8eae
SHA1

d1c747ade57bf0430e8cbdab574297dd8d681407
SHA256

7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa
SHA512

096633018552fbfec7d4dd004134258c90222d2d9f7721c954566ea88235e12ca0629e51f5a85b5582beec61546b7f97805df6eeaaaa81551aa96a380a242bc4
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNBvhvV:6rWpcOPxPke+e3fFpsJOfFpsJbgEbJN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1755) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe

C:\Users\Admin\AppData\Local\Temp\7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe
"C:\Users\Admin\AppData\Local\Temp\7618535af31f1679e1ba4961086fa346c35101457a6a4c3a2b485a18bd2f77aa.exe"
1⤵
- Drops file in Program Files directory
PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-553605503-2331009851-2137262461-1000\desktop.ini.tmp

Filesize
96KB

MD5
7862ee560f9ccd0b7fb068b3902b03c4

SHA1
22ad8c30a920541987bf8a17dcad656822cb5943

SHA256
b8e88c278099502c72ceec0aec28943d51cc284729ce70daa7e20189c3359858

SHA512
9577b94f00ca90f6ac888454555b77ffd8dee1135582c5d58007cb9d92725d5f94f1cee88625c4de4ab2dd547b9f6549fa57b4244a9fbbc8b099b1d58512bd3a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
194KB

MD5
f440c7542e26d6b0fa8da804c240fe5e

SHA1
f82c61873c911ac209b8302e951455a338efe742

SHA256
410dd24fc6b552f1ae9dba593293beab63cdd62020e776803c40dc998764997d

SHA512
c48a4b4174374c860c629b59a61b3d06f5431f80b65d867e590bb291bd6f2eea66c85a18888eb7b175bbbcd6c378e9a318afbcbb597730ede9e7b992863f1030

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads