4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec

Analysis

max time kernel
149s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
Size

72KB
MD5

65bccc3375e11848aefa0225ac97f39a
SHA1

29e0bc7bc70f632e814e404528666c491b4b1eac
SHA256

4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec
SHA512

d5944665f2e82755cc4d69b724a34d6e235509b3c67833de26bb16fed50b8958c8552b2a564d35077559e2189938abc1d1f7a42d144b0011b2bb9edd4c40b3e5
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhA:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4725) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe

C:\Users\Admin\AppData\Local\Temp\4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe
"C:\Users\Admin\AppData\Local\Temp\4faaea57adfa8fe9d5a9f8259da956a3d33a0a491c32e9787636dacf8da108ec.exe"
1⤵
- Drops file in Program Files directory
PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
72KB

MD5
4cee56be596ffe6ca53c692c307345ef

SHA1
20e3c4f54421b044afb712985d251cca55250784

SHA256
6701e42d3a0f01d4e6922b95ef205910f06fa2b27b5b2890f2631ea863508b06

SHA512
5ec3bd7cbef0f47892bcc3963172661472ce840b7ff2d1d5413a7b2a9d45ca2175e2a90f7365a51947bb6a3df5ab593a70c2b80f2bb53403f97c1acf52383079

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
18c4fe7a1d32010f645d5872af65b481

SHA1
97a7e5a0b548c23b8198bda238f2c0605eb3f8f2

SHA256
f64465ca2e1dd0eb892335791f378430abf31caa4a4a9a026ad01fd8baa8687e

SHA512
96def70de2b1c174acd2188bf411604d6978d3e9bd746404d9b96dbdd30c0034c9bb50c83403abaf201c3b246f11c0cd14f733c4028b942994aa033f35a0fc61

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads