b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 01:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
Size

117KB
MD5

faae18cb0e3c00fc760842eb6a3d16a6
SHA1

038eecc687c2b739221ee8752d896295ffcb65ec
SHA256

b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0
SHA512

3b9bc7f00becbd0dd2168ee1fcf4dbd2910dad246e178832bfd81fb9750cd492b8259d3df929e24fd3b1dacf78eef0b5bf8b7050724d4bbc0727290e0609405f
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzz:RqlIyFESWu0SWuGSn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5006) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\GrantStep.xps.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png.tmp	b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe

C:\Users\Admin\AppData\Local\Temp\b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe
"C:\Users\Admin\AppData\Local\Temp\b38158ccc0a58455f1d973177d01cb4cffbce300f2d0eb9f8710082832ad40a0.exe"
1⤵
- Drops file in Program Files directory
PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
117KB

MD5
96166d209f4cee995d0584f0d04726e5

SHA1
5352f297118ef27d2a4d41e1689e62aa912aec02

SHA256
7db2b791335a179209779fea5d244098461e2ad7b7dbfa7532c9b8e3adfbee42

SHA512
8103ab9d5677ba1a0ed61850d561cfef74ad55c9944aa5de2e41b13200fd966c43ee8704f464786a00f8001144dc48c61e61062b9877692af7235c004af9a381

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
216KB

MD5
c9cf8ace83fdd69d0ea4398b65296dd6

SHA1
1ed1b504cf65237c819f8fcf2d0de07d2fd02704

SHA256
0b4c1b6c5e98290357ca71a487bc786994db7fa08f382d89d47b9e186cc7a67f

SHA512
d6644d9855832edd3393fb4c889d15cb18d16998c2e10598620e68748bb7ad9bc10222f0c37495c6096159061114144432a00cc66a573964577185c589ce22b3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads