6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
Size

75KB
MD5

01e047e571b14284314119b6bd972397
SHA1

8f5810e18bd118fa16810d50e0e206def42313af
SHA256

6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14
SHA512

474f375341702975bc9409ce856e3593f604baa6bb2570d6fc33ba7e066d502b8e4d05ab12feb715869addee69427745568ebd7e622ba3b0f4c0f6bbcc33accb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Ppe:6e7WpMaxeb0CYJ97lEYNR73e+eKZA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5101) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe

C:\Users\Admin\AppData\Local\Temp\6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
"C:\Users\Admin\AppData\Local\Temp\6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe"
1⤵
- Drops file in Program Files directory
PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4084619521-2220719027-1909462854-1000\desktop.ini.tmp

Filesize
75KB

MD5
466f9f8b3df068d242637a1213e31c65

SHA1
c23330692191e2532dd854ae61d3398a99e26a3d

SHA256
9be5291c6a7cc50ecf6abb9a291a9c2636423e6f4bb21d9f2932a4f3ab551082

SHA512
e1403d975fcd214174079a678d9f895bfe4061f3f2411d9abb9a3dcfa6d1ead1a9840b5d98fd4a8e0020019b2969ab188625df1c65c4c5b59e26312bba55b439

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
174KB

MD5
7d22d120e00ae5c4ee8fc5373fb66307

SHA1
bbacc4fb5842a8f1f0516174a2ccc56e9acc75f8

SHA256
9e509f4b206fc62be12db1ecc3553dc4568150774d1e1f60c66bf45226154414

SHA512
da6b98219922375228b7aa2d28ea34c8d5e93ecf5f1c705f5591ade2546ac3a301ffd42685cf7044be944487840e066b9113e70a278218d2c546cde543248800

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads