28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
Size

96KB
MD5

032202258040cc5f43ba7f5c4c98042a
SHA1

9d6c895e469fe0bf29cdc9aec8698a704166c733
SHA256

28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128
SHA512

48c263d582906563d8966721effac178db13f20145d4bbd6f7f6faa98e18bcaac3af6047a431a685afa8d7b5988f7bfa77ce5605c0c5fc0c1286bf976cff942d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+FJAJS:6rWpcOPxPke+e3fFpsJOfFpsJbgEODm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5037) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\uk.pak.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoDev.png.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\CheckpointEdit.odt.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe

C:\Users\Admin\AppData\Local\Temp\28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe
"C:\Users\Admin\AppData\Local\Temp\28be676f8da81612804f099fb5e2a791a9e0b605325fbd8b1a5a54cd92ab0128.exe"
1⤵
- Drops file in Program Files directory
PID:4604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
96KB

MD5
be1a7f10861b0aaf858e3f9aed3fd117

SHA1
a074d0baaf7d2f1196f6f2dd249cbe4760047415

SHA256
61a78f0608ad36f2a1f25d3a23dcb74a6542e9a06551f19571eaa57a90693d9c

SHA512
06d761519be215abf78225c20b8178fe2cc20958a8b39c3574de3bc0c1bfcac91c1008cc1a33c722c124590bf9c48a0382cf24dcd03cac370d2bc32255eda9a5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
9747c7daae058750448da54e627d5272

SHA1
dff61a58e503c8aac106137f58405e708301da05

SHA256
f5c5608b577d6bf7588101d8e09f460a788174b6419c812546ff596a2b446418

SHA512
11bd80385e7f11536b0b1ab8a519ff8f4f78c9add93272b8fca4509177e2c3148266600eb5d1b029f50ec6dfa021a73f13125b635e209121360be97519a761f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads