aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
Size

78KB
MD5

0553bd0e49e45954f850fdf3a0ceb7c5
SHA1

2a253935c0c2bb2b1b67ca23e1eb88c75733ca97
SHA256

aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1
SHA512

9b76f046ea7d89284d1c73112d0d57eae815609a16673eaa96817481e7637259f8043180a2a9ecd596844feb8e704747a92a28787f1c6c16ae8aaf601ef85e72
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReb:W7ZDpApYbWj2WTWJe+e/qw6u

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4683) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe

C:\Users\Admin\AppData\Local\Temp\aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe
"C:\Users\Admin\AppData\Local\Temp\aa3c2c8a19f1ebb828d371986bea6ed6758d2eac5b297416b91fe258ac6c08b1.exe"
1⤵
- Drops file in Program Files directory
PID:4088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
78KB

MD5
b6f6c5a9839eb66a724ccd36393e8cec

SHA1
d746c9a2614322f77c6a9ba62c4726f4cec53894

SHA256
eec6f1b207a40cf7d4fb17463af9490ad6fd6f3e92507b77ee954b56619ffef5

SHA512
c6a95ed48f4f14f531aa7ced37635cee3d872232d4474741dbfd8c129a2a075e2e1dcaa6a340136729105cc9aad145f6005ff85661fd2380d1f726a91094e4d2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
ea79f41c2a563e984c8b6e01d2945de7

SHA1
019fae1c9fe73addad1dcbde86ad48cd14a2bbc0

SHA256
0e4bd1e75dfc19d289fd2729860b3a59520b89b277439a9c52c23e7aeba70ff7

SHA512
6c413860c9a782b819b9657b5080ea2cc88802e31b5827adf6feae7ba1408595c713d6197e0301a01e11540c986a08f912ec0874a551949ab9bae8ba590b25ec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads