6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
Size

72KB
MD5

c997b99f2842364385d59469ab90c33c
SHA1

e59cc6f530c4d0148a85925aa4ae83130f1e941a
SHA256

6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4
SHA512

23ee92988a7da0d8e568224c3afe861fade151593168d4303be9d217804fac270ee80a7ff3bcb2df3d3a41e98ba24f21f136399e864b00bcc4a0b837f8f7fa0e
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReE:W7ZDpApYbWj2WTWJe+e/qR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5042) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SEQCHK10.DLL.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\WidevineCdm\manifest.json.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe

C:\Users\Admin\AppData\Local\Temp\6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe
"C:\Users\Admin\AppData\Local\Temp\6b31236299ada3009e22b064c01df27f36866da115e04e5063a448e6a1cedff4.exe"
1⤵
- Drops file in Program Files directory
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
73KB

MD5
9eb789c17d0bfbf3b7ec6b45ff46abde

SHA1
1b64813a104003b7af22768a1a6ec6ec4fd24bb1

SHA256
1db44a3e7ce9df016776028fa87fdd618e0795f4a52d6022fc0a6e2ef159107e

SHA512
483b8e7448799064ae1a027c4da4cefd6edbc73c12bb1929c0acdf0f2233d6dc5bf06e6406f8b68ae7bc417e5f4ad8722f4568fd4db588dd567395eb1c51bde7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
172KB

MD5
8399bf619345ee61d61eeac29969fa02

SHA1
47a3c345bcaabd90e4a5aec256cadc80245714e2

SHA256
7cff9a0e08cb15911fbdc20c489b7d9784604700f6237172d76d1939a3a9762f

SHA512
8ce5722c7f3c92f60d12ca7db73f577cb3aae8f7ca8df4c38c62279025d827108bb9f9e1402bd76fd5557269b6ce49965b22c43868c0e57823dbec3bd45d75c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads