c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531

Analysis

max time kernel
154s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
Size

123KB
MD5

cc91be1e692f8145112a3dc3e43bb378
SHA1

11d35fc7971d0c33626f8a7aaafcb6abccf4f76d
SHA256

c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531
SHA512

27e379437e73a625fa09a3ec6f1f17bda222e44d4e427a29688aab745e983acc59de35bea363841a1c4d66d4e6c08679a163febab0aa1a8c28e66d464a7c402b
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1j52xlxu:6QWpkzlfFpsJOfFpsJ+n6jEnu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (870) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.DataContractSerialization.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClient.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Contracts.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Royale.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XDocument.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Primitives.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Handles.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.RegularExpressions.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Numerics.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Dataflow.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Dynamic.Runtime.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrgc.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ObjectModel.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationUI.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.JavaScript.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationClient.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.HttpListener.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Native.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Expressions.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Linq.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Design.resources.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-stdio-l1-1-0.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe

C:\Users\Admin\AppData\Local\Temp\c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe
"C:\Users\Admin\AppData\Local\Temp\c19467ce70006c6c3896cc3d79532b7c72861df145195812dcb196c65b0a2531.exe"
1⤵
- Drops file in Program Files directory
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
123KB

MD5
aeefa7aebf28f6a463d99cd8180f0e1b

SHA1
0fd72313fb81a415fbdf21149e63106369be0e0f

SHA256
1b49149da838f1f30afea60ffcca69ee4bc23554305852d20b4e6a4c451270ed

SHA512
dadf3e66a9424b46a195d1b3cc3d27488b149192269c66c95ccf4f20328bed9434128c67f4a7b3bebdb4af42e929db076b415c2c849c446127400bba8c42fc19

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
123KB

MD5
3fb164026d957c815685a842a0573a38

SHA1
1b27d481c049f5392fbcba3dc67e3066b7837090

SHA256
b77ccfef8c73bab45ca008dbd62df5cadc53a8b09afbb701fe6280c6b2ea08f5

SHA512
623782d6091c396038e2bf4dfe0ca2ee41cf99ae2e9e6cf6fd5436788c3fe12cb851af8a7e01c2c11640dbbd928d4d7e3c7e6a44dc34c5239e4d8b8ec4b88454

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads