966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1

Analysis

max time kernel
150s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
Size

101KB
MD5

30aabe8e0ef920474f5a7549713f9568
SHA1

8d19f9086881af83264669066acc90883ab37d3c
SHA256

966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1
SHA512

7507fc9ff971ae9771b8a4affb51c69e7d9fc1bc1d8731933020723be8a02e731fea58f132ed19299ac49d8e6e7aeb8d5e95bdc93f5575b17a52c738a9dba729
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJdB:tFPxPke+eI2G7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.DLL.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe

C:\Users\Admin\AppData\Local\Temp\966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe
"C:\Users\Admin\AppData\Local\Temp\966253978638a41b59dbdc655961f946e31c403fca273da1c872b4a54fdf3bb1.exe"
1⤵
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp

Filesize
101KB

MD5
15eec292d42b1fa3796fcf653ce434c1

SHA1
872240a381ac4f831e243da840cb18c89fef7c84

SHA256
74b8991429116decb302ddc15fc24ecae7de9b16f95270f17bbc4004aed35070

SHA512
e961ab425ef6b4b79d4f9a7ce6d9d3a7af81b801ea179d9e35c648497de2191acfebef6f117a8c89f6e458f22250d157f0437298064ade831dad561116e877de

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
200KB

MD5
f1e72211d5b5b9f2c7cb9ade1ba725ce

SHA1
f4249aa57d09fa5df95dbe02cddcb8ad20c739e2

SHA256
5161f37edf47f6cbae124d3367d6b7125b70b3eef5f5ae9be4438111afcfe832

SHA512
9aceded07c61aac1dce5c61262b6c112cea1c25ab4129d965cbbb4e33ee5fdfdeae0250aa4182eb9318e129914a288223b398367778ab99660db25155e8e3dd8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads