26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
Size

209KB
MD5

18a1f6ab4692e31f9477bc58f0a7fa4e
SHA1

b3b93be28750587bbeb689078f704eabf16d5313
SHA256

26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5
SHA512

7baea62530f3598fa202b0beed5f4da7df151631cf397d210253489931512995c44c8e40611f14e1588391c147bdf995ebf857f2f54043081383d7d91ca42861
SSDEEP

6144:RqlIyFESWu0SWu2shFAC2jnkbOupvuv+qM/qMB:tyosbpankbfcvG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4735) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe

C:\Users\Admin\AppData\Local\Temp\26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe
"C:\Users\Admin\AppData\Local\Temp\26008c07340e51d30df46e92bf591abed0af6430433ece8499ea85348a86c9d5.exe"
1⤵
- Drops file in Program Files directory
PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-877519540-908060166-1852957295-1000\desktop.ini.tmp

Filesize
209KB

MD5
531e64d2c5411679476d19a7c139e609

SHA1
86971505e71d447d9a12f590ef62461037b60ea0

SHA256
a64e0ce4cfaec925d002b8d33a310cb9a87236d2d591915598fe991c3bfd5c09

SHA512
a6e5cdb0a7288c1be92115c0cfa75f30568242e6334af824a43f42d5f7c5bd97453e130d7cc7bd756f46ad0ad63766ff5c28d65e63eaac268dd8288ee6cdee79

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
308KB

MD5
3462ed56afff8ff664e2e91c8d9f34ed

SHA1
bb18cd9de515a6116f715cfb99b20d3ff3bdc2ff

SHA256
398c9a3116fe593e7e9167ab232f363c819e8a434653a6eeb7da5ef9c5d1c560

SHA512
a0af5610b94f346b88fb964016571e47e6e0d466648b17d288bfa22767562af2e37d9981b81b3661a2e2c7016eb378f7b9ba2d698a95641de9e87d0996378960

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads