bd11ea68e0a8474a7f069036051e9136fe96fb3d8f6192fc738b27365e5d6ed0

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2543688bb11b656cd8fed274541b10bc.exe
Size

208KB
MD5

2543688bb11b656cd8fed274541b10bc
SHA1

61abe1af6c7aa51eeca19a85f6135e20960f83b9
SHA256

bd11ea68e0a8474a7f069036051e9136fe96fb3d8f6192fc738b27365e5d6ed0
SHA512

9d9c62dc58bbf4069dbd031a4ab3189ec3b2940f237a04057caeecc210daeb06d4cd98d2f9d8359f787489804603addfbf5e5c90b9c4084fbec803fdc21fff26
SSDEEP

6144:RqlIyFESWu0SWu2shFAC2jnkbOupvuv+qM/qMy:tyosbpankbfcvV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4657) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-140.png.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	2543688bb11b656cd8fed274541b10bc.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	2543688bb11b656cd8fed274541b10bc.exe

C:\Users\Admin\AppData\Local\Temp\2543688bb11b656cd8fed274541b10bc.exe
"C:\Users\Admin\AppData\Local\Temp\2543688bb11b656cd8fed274541b10bc.exe"
1⤵
- Drops file in Program Files directory
PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
208KB

MD5
a5e33d41df0a586e78acc410d48c53ad

SHA1
05687599c3ba0e2b7a402f9687067fe566d35c38

SHA256
992df4bdf61b396a8f3fb83c3fdeef31a70452ea9f8a4c6faa2b017527f35132

SHA512
aef455ef11efed85890c5e9360f9e71893f6fedb7a1925dcfa5423c8d05358827b4c9adf3c345d345cbc8fc08578393cd1b9d9e691da0415dee0ec0a72cb27be

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
307KB

MD5
05b941c7ed3e44c0147d847b5d71c11e

SHA1
b24bab1191117671ae960ea7f591c5fd168a690d

SHA256
3444c37956b57b35212824dd485e49da29b64cf662bb1aded9c97fe15951c38d

SHA512
39390a05488f56c145f418392673b67960856062952670c4e9509bed799aadcf3c1461bf6df8e8aa82f1b966a1cd3ec09f0567bf70ec3f7ef43a3905feb0717a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads