2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 20:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
Size

78KB
MD5

1ae3e72bb055079ff2d2d3cc7c518a32
SHA1

98cedec4f97f41f3679955fd1e27b4e8fb688016
SHA256

2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc
SHA512

b34d22ddb25572af75ba337c1f0ac0c42c976fcafa3bae106efa9efe95b7336c0effbc970b6da793fd942a46e8cc199ad05a51a4ec5c97ab6baabc46960e886e
SSDEEP

1536:W7ZDpApYbWjnWf05PG0PG26IvxvWyCUyCw:6DWpDWYPxPTJe4w

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5050) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\C2R64.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VCRUNTIME140_APP.DLL.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPCORE.DLL.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe

C:\Users\Admin\AppData\Local\Temp\2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe
"C:\Users\Admin\AppData\Local\Temp\2da2ce7d4c648e4baaeeb97d458583dbf9e8717d7d94546099537fb403bc41bc.exe"
1⤵
- Drops file in Program Files directory
PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4084619521-2220719027-1909462854-1000\desktop.ini.tmp

Filesize
78KB

MD5
fbd7146b2b2b9afe32f473ff839364aa

SHA1
fd693513ed815941972d9f253a0f45a84554e705

SHA256
16a14f6100a7c1830974878e8dcbb79e92949a310d4b3c5ae25ef9a0c58a0db5

SHA512
a90fb4aa116e22578c458a38e3c01813c5858c9d81bb77bcde5d63e494939e876b859e3c85401af541e87c09be518478c27b83c15d39b4cd08b5dbd00e4f6deb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
a961140c20027e44dcd3a9cb08215a3c

SHA1
e67573ebc2884a4ca08ff6dda3247ccd8c3d8b7f

SHA256
857e6ac2bf760914792d66c1b6e85536397b300e901a98288735bc6f10608789

SHA512
a163ba065a269ec65463e4cea97580e31aef208d07d1601786404d087519522c7dbeb414662886154744e29f7dffc0cf80e95bf9506361b6ec6963aed2537c64

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads