7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
Size

68KB
MD5

08cf4336cbf051b09ef4b2c99f1664ce
SHA1

8f4581b724f9e73a6ddb91039169ed4476e64e3c
SHA256

7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38
SHA512

5ae0ba2a90ef0a3aa486ef8f00dcc375ea951bc7dceb2e83693e4cca2e25530304a0e836b130d90bae8ecbd83ec884ab39f2942a777b466df246f16850eb334b
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh+:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4862) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\MeasureInstall.m4v.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Expressions.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClient.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe

C:\Users\Admin\AppData\Local\Temp\7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe
"C:\Users\Admin\AppData\Local\Temp\7ab7f292b4638b21c37630083803dfc6ed4cfb381312fea1e6b81642e3c3ab38.exe"
1⤵
- Drops file in Program Files directory
PID:4812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2288054676-1871194608-3559553667-1000\desktop.ini.tmp

Filesize
68KB

MD5
674a696ad541c6b8b1e835e61c95a0c0

SHA1
92d316443cce9d606a50e50b8ee8f0085cfa6924

SHA256
8c4c00cab48916aa9f482517e2f565a453245133ad093073aa5faf70a8ebdb0d

SHA512
582e3afae1fc59cc10f669db1a59d9b0640768f233162349afd6a7d513332d15658116506617d808160cf3cb69c170cc69dff0f2ae63c419e982f2f7242ebf4e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
875b2d6aa963718767b3959dd4d11f8c

SHA1
ac1517c2d0575363c401e92be994d3552ab75635

SHA256
4d620599097b6287ec93d8e9252b547ff562af9467dd26064fbf095c0202f8ef

SHA512
c93f865b92203dd0ae7682f42ba9685e577332f1de7fdbc6863d7dffe99069b89a21dd785f2f9d78493b1dca800e18f19a0a925c6417792b747a2afd0fc6d1c7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads