245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29

Analysis

max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
Size

91KB
MD5

676841f741fb337c08e8925536bb8a4c
SHA1

43d7a37fde60196ef198457d61e1b0ea992dbe3d
SHA256

245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29
SHA512

6fb2e1e083962b3a0b318364e5fdb56194d8a9dfe198cf1f5703c75b04301314ac94d088cd8540c4e129c6f10d78a93ab7ceefeaf8a1f18606fb4019b16ec417
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76i:6rWpcOPxPke+e3fFpsJOfFpsJbgEr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5087) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\kn.pak.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\et.pak.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\vk_swiftshader_icd.json.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\AppXManifest.xml.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe

C:\Users\Admin\AppData\Local\Temp\245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe
"C:\Users\Admin\AppData\Local\Temp\245de1cbc22ea78f52ea44a311d928b9c34a6fccbb38d2ea77290f59b610fb29.exe"
1⤵
- Drops file in Program Files directory
PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
91KB

MD5
b6e5be98361ea99725c7a7221e864582

SHA1
630fec465522c0ddd098c0e0caa940ded6affa34

SHA256
60798fa886fe9f41eb6f2de2b3d4aba00a23ecde418912b412557672aca314a1

SHA512
b3a3d415dd891e130408156b68ec476b4409ba6fcd0fc0426c3851874ea7f88b4f2153190032cdba2ea909b8f6f7a2d02c72c7e878dc014df65f839b93c1afa2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
688e24abcd30f762b5eb1540ea1cc022

SHA1
626a2a7a40a840676b94035afd982b6e12e65856

SHA256
964ff59cce6a57f0c68e8594917fa48154e8fdc3a243be0bb3e958ed129ed1c9

SHA512
da29c532966dc82a75f52a645bf6afe80de79625a6403dc441cec0c200e1daf9eb4431c908692c1768219bacbf50a3f222931877580bcce0dc9576e90c5009a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads