0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
Size

133KB
MD5

066e12350f45e5a4f8d59165ba539147
SHA1

77fa84f84229fc0490b72fcd311e778e255374a7
SHA256

0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652
SHA512

addfb01b7e721002b80819feddedfcf1ebdfb30802ed69580f9b6f04cbdcfaef5674279c4c65cf6dd1c61129f375bd37bcbacf2065f5c00bc317fc8e35f54b0f
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYfP:/7ZQpApUsKiX26f

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5008) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL044.XML.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.dub.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe

C:\Users\Admin\AppData\Local\Temp\0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe
"C:\Users\Admin\AppData\Local\Temp\0689c0bb9ddfb45ad88517e6f602b47b1edd749e258642bf3d4837202f874652.exe"
1⤵
- Drops file in Program Files directory
PID:3344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
134KB

MD5
b2439d7d9ca7553bf034a777cd4cefff

SHA1
11cf0a6f0fdc75d2fb54aab07242ad7bdd340962

SHA256
2d06568eb84854b9f23e07c1d62e74def9bd27a7d76a39ee6d2841e3f6567543

SHA512
5c56e68139545fe473a298a76a4c1b742a0ac4ec52a09019cf5e7363957130a6012a2e2590bc1e380d6819afb88eee65c5e34225c3f8b5f44b9f0b3711e4a9b3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
233KB

MD5
902bd0a12495b50a72e960829430aaf8

SHA1
eebc68eae38cf59d08ce40d9a283477f73a1c476

SHA256
2e84bc94785aaa67712f57d24b27212a6b0b83c1f1a492df9cc1b65b48dbc617

SHA512
fb62e2ee2e485bd8fdc6207856fd53ac58cdbdf94ede288bbfdeb67704309dd3670f3d32fd51b6bb3c2bc84086e2e531aaed0c52d5a167a7e8e4a960ab0f9ae6

Download Submit
memory/3344-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3344-1782-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads