aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
Size

72KB
MD5

0a8ed96cd379c391c0ccf4aea117973f
SHA1

41eadf6c600363abfc388bbe582e68c3f10557eb
SHA256

aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7
SHA512

336b6e5dc0f01f0b7bd7876db3e7364238d236255e222016e86f5b11fccc1d906383907900a02179b9d9bfd6596f2776e945bcc214df53e7ca3c6277ad844c45
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4870) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr3jp.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe

C:\Users\Admin\AppData\Local\Temp\aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe
"C:\Users\Admin\AppData\Local\Temp\aa3eb7633d8a321645f55139f4e6d87684b0422accd1a2e5ecfcde286e8144d7.exe"
1⤵
- Drops file in Program Files directory
PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
72KB

MD5
cbfe363c1496bd164873823459b6c6c9

SHA1
65d1e3ed86539bc4d947cbeef20f058b0e896324

SHA256
5b6fd3efba7f04e77edcee39f8226a15e245a65f56e7859836ed85179f442e5f

SHA512
7307cb1e2cdd604fc3e35cd5e4d574d4ad3d01657ba58e7c6731092a5cea8c1a3e452e15d9ae8c8b18968e4e5a8c214cd0cfcb03ef744e9540e8a9eb77e2cfa7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
e90262d85b5a18176772f3cc486ecc6a

SHA1
0d60c68eb0cb5e11538c837534bf119bf10b8557

SHA256
f152b060680054aaec0c70478dad2b2396c6651f5b1868851b78d8e6c9d099c1

SHA512
6b6b988f7245d8c869ed2780fb4aa4214e0d5ab09ce165e79b0299eacf428888b554d4e85fcb566aa65bdfa1e06482b46ae6bc86c6fdf34a4392491861da9946

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads