380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
Size

86KB
MD5

590a5fbcce789d6e66505c7fb10846c3
SHA1

3a2c5952a8c173660405a8f575aa89d631c6d719
SHA256

380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6
SHA512

8bfe0b0921728bd2f2ce4c4f9a8f924c4948d8863f086af9f18d5ce832eea15eb5928d0e2e9fcaa735d710814a3cb5dfb936bf9766436db4260183fa58400f31
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/I:6e7WpMaxeb0CYJ97lEYNR73e+eKZI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5045) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ca.pak.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sk.pak.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\uk.pak.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe

C:\Users\Admin\AppData\Local\Temp\380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
"C:\Users\Admin\AppData\Local\Temp\380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe"
1⤵
- Drops file in Program Files directory
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.tmp

Filesize
86KB

MD5
33927a8543cd5837bfefe1f15d6004b0

SHA1
7c2d5d621a3077d8fe64a29c9bf5e2112d41fae5

SHA256
41de7a8688accaaeff081f05ed9331e726d21aa4e1111ef2cca51483c25c5e7a

SHA512
06ce73822ce2a02a99ed816fa91f5f74eeb4607d2b292b37b3fc89704db1e7582453f1770466d44208273f5b7b4fb411e6569c6324b46f73d450f075e3354317

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
fa899f1bf7276d74086b9fda6562ebe2

SHA1
f507f5cb2ba30b7a53ad24c109929ad29bd2baee

SHA256
446ef8d18665a2f499a8cc1458a7d204684ab9f74f70674fb5faddb41cb3d687

SHA512
1cca9539c043c91986076929399b0f309deb480539d9a604db1751a45b35b24e2771aae389fcf01af17f2cd08a52b9d03a2e53a67273a04fe0bd0948fdbc364f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads