bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
Size

82KB
MD5

1bb99257217f5e1f9447a860ba6bfe3b
SHA1

620bbe57ee07213617f079e0547ce3f090b0a9d9
SHA256

bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d
SHA512

1210f329d4e38dc8407bd379425398e6d563e80a26be0d703e355b7b17bc699fbe855fd66a084740f57ebc6f19a2eed8c11d1aef59f1c3f167e97a198a43eb47
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/aJaKJawHCHm:6e7WpMaxeb0CYJ97lEYNR73e+eKZU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5156) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\110.0.5481.104.manifest.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe

C:\Users\Admin\AppData\Local\Temp\bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe
"C:\Users\Admin\AppData\Local\Temp\bd2142cf9c6436bfb4da9b25b74edfd7d9e041d089c8564a935813df3c84664d.exe"
1⤵
- Drops file in Program Files directory
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
83KB

MD5
5ad4e735d314b52dac8d13796453e110

SHA1
c2b09fd3614d7693b184dc18b55c412e0509d174

SHA256
88b00eb9f2264604d58ad855c7b91ca11f9dfed96258ba9ca5b3d25a4d05c90b

SHA512
6745540f32c33fc031fa0670a144ee2669b8b3ff50347eb105f820a8605126ff64db81b2f61acf8bf2586cb94241903a4cdfa88b91ae91013a58d8d15bb5fd92

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
fd346c9587ff8c2d8254cdee4dd67ef3

SHA1
5c6b2fac14496a03d63f1272cd4b160b3b6ed36a

SHA256
c6948508cccbdcb624a893010e7c60f533fe593816147279245fc03b0b65a0ce

SHA512
fc384fdd9a11ce8be23b5d5e196ab3658718c1a41f6ea626a9c8559b48b748ef0ed2fb75f4b55291c001bdc11a6dc7aca7f6706e24e3eeb9ec50e67c72a6c4f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads