d69fff9a198692bc047c4044034daa138355ed3f149c571d54880a1f2ec5f67d

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89177936cb80c614d3aa96952ec6798f.exe
Size

115KB
MD5

89177936cb80c614d3aa96952ec6798f
SHA1

ea208891a7bcdcb23b2731bd1f96073b55a9c0f6
SHA256

d69fff9a198692bc047c4044034daa138355ed3f149c571d54880a1f2ec5f67d
SHA512

5c563322a1389291d334b7fe8e49d002ac6af8bea764a5fbf26a23faef1755062eed33b2f460de805f58b48650fe7d09a08d4bae26d7fcd437a6a17c5f516025
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz6:RqlIyFESWu0SWuGSO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4872) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome.dll.sig.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ur.pak.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\hu.pak.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe

C:\Users\Admin\AppData\Local\Temp\89177936cb80c614d3aa96952ec6798f.exe
"C:\Users\Admin\AppData\Local\Temp\89177936cb80c614d3aa96952ec6798f.exe"
1⤵
- Drops file in Program Files directory
PID:4124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
116KB

MD5
37f1a4b56920e9f1e420612f469f45ce

SHA1
9ad8831511ba7e793e861f27bd0aca3f7ba60dc2

SHA256
a8899a3b56eb729ed5cdac9c55dda447b28788d54e4eec65dae4d75f373b2442

SHA512
61b7c2f85605cb830ea5909a0c7457fbf9bfb7084946498fdf541f2dc0497b35a3420799ef156573c1154aba44b9975c57e93aaeea951f106ab7066233d14db9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
214KB

MD5
66644c119402034d0c910c77d1fcc757

SHA1
9d4e5135674824e4d1e4ffbd8e97293ceb8ff685

SHA256
1e6f68ec26bc7258dcdaa8cce93f3ddf02ee5c38bb864d6f9685616e5d82a5a9

SHA512
bf4865d49d12e9866b4a6300f469b6164cf68dab845698e05f85352a2fef8a2dc2f6e249b9e5ae62de4445b0644f00f48ee11a65daedfec9074411d3c733b67b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads