2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
Size

110KB
MD5

77f748e0b5d6f995e594ee085bf8364a
SHA1

058647de8147e8df87f1a13a5a8f2b4b90ae9d32
SHA256

2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e
SHA512

17871b2e1c5382393a23de6d96e881aec3e918ee2f74bf685a23e3d40fa8ea70fe53b418dec959ec1e993c2192b6a7eef59fc920a2c6e785589bf61d72f59f7b
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz2:RqlIyFESWu0SWuGSK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4904) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\he.pak.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe

C:\Users\Admin\AppData\Local\Temp\2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe
"C:\Users\Admin\AppData\Local\Temp\2040fb09a154cc91375ac13d66f62abedd20ea21e2fba282502e096d850cda6e.exe"
1⤵
- Drops file in Program Files directory
PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3411335054-1982420046-2118495756-1000\desktop.ini.tmp

Filesize
111KB

MD5
cf61332cb2c4b9406d4de294a782a7db

SHA1
5d89f287e97c7ac6a8853e58d86ba11397d7cd5a

SHA256
e40be9cbb34eaf7701f43fb34eabe2e69302eabd329b8ee70e4c3b8370ff4156

SHA512
eca974b2944deba73f0adb98bdf62d26f20aebaf9418c97a81efa4274633b413b628c0cf77872f884aecc53c248b158010072ccb7d6b65175314f115b41ca2d3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
209KB

MD5
b37ed71f3b77a307d60ef727b58308d7

SHA1
90b60b65ff3a2ab88fc8e141dd51c21fb1e6d983

SHA256
925e127819c91c4d3dd5aaf8c02180b4d1adf40ae0f53638d0b5ad06aa68c75f

SHA512
6a18596b8fc00634ce4e803bfff622f6c74ea8f3097be84995a46129abe0f4ee87789242e779bc6ff1fcf0f59554813de2943544c5dd2a16b85b1ac28ee6bacc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads