a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
Size

115KB
MD5

9032de7caa2b0fc1f53a5273efec9845
SHA1

506b0473f9e89864338b5831c1128e0f9166b494
SHA256

a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11
SHA512

be39adc9c08e7332708bb980e396b563dd62a2072e823203fd4a20f797f035146d3aa9532e8ae24999052b267fc358a856fd2e967b90f25e506dc2bc7b76f5e1
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzi:RqlIyFESWu0SWuGS2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4838) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\mr.pak.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp	a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe

C:\Users\Admin\AppData\Local\Temp\a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe
"C:\Users\Admin\AppData\Local\Temp\a73df798cc71b1306f576fd30388f3676438c648d1773fa77aca21513d2fcc11.exe"
1⤵
- Drops file in Program Files directory
PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
116KB

MD5
a2e79cd47e5e71f896bacdabbc6f7037

SHA1
69cf97ae1c350015085a386157d73f55f594cef1

SHA256
bbe55a5473d16d27634c65c12f91ad15ec4da6188de5e609f9ab0488fbcb5710

SHA512
8357dae3f94919e6efbae22397dfbd3f4940d750372c953515d79c8dcabdbb26b486fb38bc28ab270dbf7f749f545bb23f60ce57f4d38eccd51c7afc689b4a0d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
214KB

MD5
aefddc2dfcfa95304b990b8b71eac325

SHA1
bc9b878a02367bff74fa49953a5caf7408d026f8

SHA256
e343148957ae53671139d3b81263bbd2036041eba7f7e02d17cfe80fb9746fe0

SHA512
ad1443ebf7f876c8a13229c3cb8615e9052f1e7bdfde25631167107bb98de5c11011669cd95efcb90597d9d1119b6eb50b75879ace0c62a10bd379c10d4bf732

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads