05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
Size

83KB
MD5

9930751f1258bdc673c40e6081506481
SHA1

dbf1ea99d2edfd68419a945765bbd045dcc23373
SHA256

05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8
SHA512

ab256e09ce5ac3a9a7bcdde075a76964fa6c2ee25eb09e4bde43ae6fce0d5a7c47e8c0bed869b1649696d50d650982bd88651c6269543bac727a1bcb1e743abe
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/tuTUR:6e7WpMaxeb0CYJ97lEYNR73e+eKZtue

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4844) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\lt.pak.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Overlapped.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fil.pak.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\nb.pak.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe

C:\Users\Admin\AppData\Local\Temp\05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe
"C:\Users\Admin\AppData\Local\Temp\05d02ae61a38b7445822503567470a9f25cfbada572878929c12c36abd1a45e8.exe"
1⤵
- Drops file in Program Files directory
PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
84KB

MD5
f1c6c94ba4c54b948267ab2e34a93409

SHA1
a8d8209d617f010dee01b65feb8e224e86e7c09a

SHA256
3f15ee4f046ec604e1a7db2987b6fb952090d11918e640016dfed11ab20bc275

SHA512
bd54f21b749b7c3bd208d454633508b95113a99606c3625d1dc1a6ebb057f1bba65ec146179096db762ebfe131e5bdc1c8dd33f87ae2c3f80f68f2c01d9346d8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
bca1c1d44ffdc75488af968ca43c58a9

SHA1
1f0d08d797ec380948d06e44e2d49a3dc85ea0ba

SHA256
a678075efeb1114f28992b3a0b5dc6b33de0f98412abb31e9eb27d6d73d40747

SHA512
0d74cd5235761bde60f171353742a171cf8eb7912b9593a8b477b25793d5c101ccede6b9b5c127f087fcf545eaa9b67e903315d3394f603ae231697a12928533

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads