fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
Size

130KB
MD5

8e2bbd17b57899acc3dbe57af5427c62
SHA1

075051d94ed08ceb98976871aab56d8bdc8bf1dc
SHA256

fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed
SHA512

5fe93f5f01fb9d185d33289c1a1ac1cd56714c2323c38f4c399903360fd96c2513638afdf58d71fead3cfc09cfc112060c222d2f09e242ef0f599d69087410e8
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOR:/7ZQpApUsKiXBvzwvzXJvlwJvltbF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5012) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\catalog.json.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe

C:\Users\Admin\AppData\Local\Temp\fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe
"C:\Users\Admin\AppData\Local\Temp\fdab975f56dc9eccde0e08f2574e739a10f8b49eb9cea91119340ec0143eebed.exe"
1⤵
- Drops file in Program Files directory
PID:4952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
131KB

MD5
b6902af89a9b25955a39366757ee7565

SHA1
8f9fe3bd2544b03f0b3ee175dbca7dbb4b476be1

SHA256
0e6bf3638816621045cf20bed4f3458b36d08e93e022ab43a51c6daef73d4ac8

SHA512
4671ac2598774946dd36b2aa9d454623f9d0c3f0ba89277020abad6d45eb45df820994b0da4118f0a7b5826fd520d2b27b30e8fabacb591980d2a6b4f358c9fa

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
230KB

MD5
9a6b8c0d80f3e85bf25a66324cc164eb

SHA1
2681c7e6913403e6aff9d32a15b10b8a80a09e07

SHA256
574bb31b085c6a90cd085dcae1f15e40a639698e7505a642404779245d2c94f9

SHA512
afbd379772eec40d674652a8973eaa4d394dbc65947c7bcb28aded53d2c1688082764700526ff11c1e2cf5e20ebc53cba8e67b0964623057fd4ce7448cb475c2

Download Submit
memory/4952-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4952-1790-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads