fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
Size

80KB
MD5

093cdeb61d5107e65afec847a9f279f6
SHA1

95a3b620cf8cd7d02a10408de949f2b7264e4843
SHA256

fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d
SHA512

e44b7916f108021303fa5125a558684134baf84b48feff9d8153ec64227d5dc9896a738b8753e086a84c8bac26895eb2e33237966d754ccd9f07e66fdeb54dad
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2:6e7WpMaxeb0CYJ97lEYNR73e+eKZ2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5115) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONE.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe

C:\Users\Admin\AppData\Local\Temp\fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
"C:\Users\Admin\AppData\Local\Temp\fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe"
1⤵
- Drops file in Program Files directory
PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
80KB

MD5
428bcab77e26c48afbe872ee6570f6df

SHA1
70e275c917b1987e56faa3366ac75f42a5dfe363

SHA256
a7605d1edc07f63d3834e134d4eaaf2d19ecebd174a2de12018ac19977ed6241

SHA512
d4b405e92b246c902ef98834492c2dd17f4184b3d9fafa761fadf2c8b31ef72c698e8c8455447f253588bf04f7c386589a4b616fa9674a025b985729db5f4708

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
0963205b80e528025010abd2681b0818

SHA1
df86ad0845039baf0dcfdb7274de113e1a5e1a23

SHA256
0f36b2f706c28d35a6ee2df538b13204e676883cabac8429df8edf4bceee508f

SHA512
67b8c8f8063a4a08259fe70f2606b489f5caef250e1c08b80c32f56bf95f72a3449ada987cad74df16fc0ab0d56587ca96f016fd0a2b9d07e3a36504ee100972

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads