3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
Size

56KB
MD5

21aa1e0a44298e57c056b10327e9325e
SHA1

e68ab7946dbfcb52aeb865eda9d5d23744c9d0ca
SHA256

3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341
SHA512

6708bb76a8aed818b742db5da3670ecd221eb55d04e9df016d4757ee82faade83d3da6bf8cb4a7ce71caaa2396f9330fd90c08b71defebbc33cff9a4e811559b
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaJjYJIJDYJIJJZwNq4pKnKG:W7ZDpApYbWjy0e+eaNAKG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.tree.dat.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe

C:\Users\Admin\AppData\Local\Temp\3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe
"C:\Users\Admin\AppData\Local\Temp\3d51d0aa95cbe5e3f1060717df87a3b30d307f54110fa4ac0f31acb2ace41341.exe"
1⤵
- Drops file in Program Files directory
PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
56KB

MD5
2e231a50fc2b6699c218b0aec55711bb

SHA1
8f6814169ed6a5c9544d6f99c84ec6c90fb114b1

SHA256
2ec5e91960275810dcf031bc2ba04851f92dd4dfb24ea9446bc01f40402455fa

SHA512
5c823d6382f482ef02d9de833ae37410f39bc85593921e1815c463c709df05cea3c9b685427f5fc075f5282e2ce58b37712d58bd5f7db7cd4bb0464306134b53

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
ea43e985820f0f83c445b6450b7ae09e

SHA1
4a708274d28aaef2871dd2978e31f54f458f8a86

SHA256
1a7a07f1096ac7609de561eca90d2a48add9780794da21851f711c958a98fd2d

SHA512
4e60076d10be146fd64776d06ebed1ce37c453774f54080d2b1a203e13a6432ce9f68d444e9716fde1c3e57cf4af29a8e1067315576f218fe724351552c12241

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads