3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
Size

72KB
MD5

6245a21f3f4b5192352b1a71bd24d1bf
SHA1

98723aaa6ae303a0d249843f5b79605cfbf4a246
SHA256

3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044
SHA512

ba22e4613b40b1261adb12fcb2e12767fc6c7feb7f9224d3d4ec8b51e99111ad350c9186bcc73c2a538d4b5b0b571a353aaafd8349233c89bbc700db5e46b24c
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGAzEWzVNOx0ypIzIu73mYdE9aC3s9XL7EWzVNO6:69WpQEJAzEWzVNOx0ypIzIu73mYdE9dS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5116) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe

C:\Users\Admin\AppData\Local\Temp\3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe
"C:\Users\Admin\AppData\Local\Temp\3d8b11d4dcd1c2056c7dc4847018c6bb0d79eaf0c35e2eaedbc443cf54346044.exe"
1⤵
- Drops file in Program Files directory
PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355664440-2199602304-1223909400-1000\desktop.ini.tmp

Filesize
72KB

MD5
fdb639f94d1422b087f822d3c0177ea1

SHA1
09f1333fb146ff0d24150d1b9d89d99ff09569d5

SHA256
aae2ad87ed1041283edf92e8b55eb51d25cdf382af425807712d83ca69384cd0

SHA512
9ea5d3736edd9ba69290ee7a6fe3ce7ea81d42a96e401743a4105d650970f20265fe0d8f8c726fbf53f423c5f7c9f50ce322cdeea5492852ec10945beb966a64

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
c93742e5dfd2a9063ccba4d5486ebfb0

SHA1
2e29da670e50ee0d5dbc288205512c016ebd6f36

SHA256
ca8f6fadbd372209c2c0712d2c52261c79715511b721dea001471f49f66a72bd

SHA512
2565fa0587fb8fc85ad49362c56fc2c985cd249bc5ad8c4ba8213717728b1834ba982c9766acb5c1ccaafa172970b9a145b5562a71a6839c2212fae31d4e25e3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads