179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
Size

70KB
MD5

1bd03df7ccbfd4802a9bcb8b418715ca
SHA1

c146a30444c0622e64ff94cc3ad3bd643b45b418
SHA256

179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5
SHA512

1e0a0629f1e5b86aebbf53f4485aed2f7c6d6f08f229bddf2289e2ae5d0aab28d4fdb0587cb930169315ee6bf54d91c8605abea96534bfc5242be19e682848b5
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/2lmlQPc3f6Pc3f5TGotuMOiJlfotuMOiJlbY1Yu10R:W7Z9pApQEgG+6E65TGAQ0A08

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5122) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\CloseTest.pot.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoBeta.png.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\es.pak.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\optimization_guide_internal.dll.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe

C:\Users\Admin\AppData\Local\Temp\179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe
"C:\Users\Admin\AppData\Local\Temp\179fe6cb9911142e9daa20150c06992d24dd061d1ceca57a948e8965ce14cfc5.exe"
1⤵
- Drops file in Program Files directory
PID:4488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3411335054-1982420046-2118495756-1000\desktop.ini.tmp

Filesize
70KB

MD5
74e2f2718090886b0d72e5ef1c2fd29f

SHA1
d844615745f78aabc2802c14346b1b494e4af454

SHA256
4b97620025236ef83808e72d73661bcf1f491e68aa42d128a1a776c71a5f3bc9

SHA512
0ed0900408c9c1731bd73e11f2bb6641511439a6bb77fdcc794b6d4816da460b720d08a1733ad5ac36c7c5aa4c5c08c9622c16cf4e75ca9cce86e30d2d11fa83

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
169KB

MD5
d89262c0890f5981a8abfdf15fc4e636

SHA1
4801dc3f33a311a6647145e1fa4d36f0c930e6d7

SHA256
d3c2ea5126e9c58b2ae4c4bc5a8f3d9f2d0836d44c26217cde2ebb6d5a0ebd67

SHA512
bf5258d90d7678627ca74ce29e597db45d6e0a4cf6f9217e010be3c4ee919eba704c985295b346d77ffc0b8baa4c8e3f0c0ebb52d6803603d073eda443ba978a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads