8e93f6ae1cc0427a52acf313f96c422f6889419ffc60a179929ced1d65ae3194

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7612665a1e20d4c0fb4564413f87363.exe
Size

126KB
MD5

b7612665a1e20d4c0fb4564413f87363
SHA1

adc61816e8268c1ed73b91c032214cc706564971
SHA256

8e93f6ae1cc0427a52acf313f96c422f6889419ffc60a179929ced1d65ae3194
SHA512

ee04d19d2e71b1490ea2ecdda84e00960908f7545cc46d843eb665cc7cdc8b596f322d109d06cfb3d3d31c658612ca3fdfef81b9ccbbcd10e8fb4ee958c71910
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5VnD5:/7ZQpApUsKiX26B

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4925) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\CompressInitialize.ppsm.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	b7612665a1e20d4c0fb4564413f87363.exe

C:\Users\Admin\AppData\Local\Temp\b7612665a1e20d4c0fb4564413f87363.exe
"C:\Users\Admin\AppData\Local\Temp\b7612665a1e20d4c0fb4564413f87363.exe"
1⤵
- Drops file in Program Files directory
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
126KB

MD5
1e56d97f289efde131ab5a2468a104ca

SHA1
437be9bbcef595ea2d521bb3c6e4d40e8f2fa927

SHA256
46d3a7cc128b1df4bd33defbcc83ba9b5110680339fc2b4383808c1198aef78d

SHA512
7dc0b0ad1bbbddede0338a1cb4f30d886ef61b5770e3c2c3a7c719a8ce1bffd4a370aa3fd24f9b681c37a98286269eb88f51ef2b03759f3aa8270c864736f517

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
225KB

MD5
5a213afb5f6d176ca9c1b51885882d01

SHA1
5514b63e42c1def9b8ef244c5a52c0d7acac42d8

SHA256
17a6c1cb8aad51e5af2e92c9d06da876c60b8a3174bb2c319243af8f269436db

SHA512
bf310f5fb075dcb0ee15a61a63a2adfb9af64ad19b0d924d8c7d3da07945e0406e180572e06803e8084c2540a9dda3e0008c7db0f788988cfe591542dc7477e9

Download Submit
memory/1720-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads