80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
Size

74KB
MD5

a3f38100bf54e9ebcf823434bd43ec32
SHA1

5c9afcf1bc867e6033fd72a3a8300d36e85c32ed
SHA256

80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e
SHA512

3001f3f44d9d6d9befd6aa17c13d8629167006e1e89d676d8a2ff0ec121317647030bbf7b947984f597915ec01112d9c006df631cc1b3e0f866a304b10685c25
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGAzEWzVNOx0ypIzIu73mYdE9aC3s9XL7EWzVNOr:69WpQEJAzEWzVNOx0ypIzIu73mYdE9dj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\upe.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe

C:\Users\Admin\AppData\Local\Temp\80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe
"C:\Users\Admin\AppData\Local\Temp\80a3d34e8b48e60647d553e00ec8070903dc52967942fa7777042ad8c6638b5e.exe"
1⤵
- Drops file in Program Files directory
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
74KB

MD5
f181562af0a36cc2013b7ab069b9247a

SHA1
f80ae0cc43faa8e5da61860fce8765006552f238

SHA256
52d8a8f285aaa91a922c8f0e63595faeb442b163869b5fa51d9afdfdb2b527a8

SHA512
66c4e79a373fbba8e7076820151d13b36ab43b88befaaf4a08d08698bd72522b95f0d58f0693319f487b2fa2538e5400417fb2964a6197a79d6aced944a16871

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
b8d966c8ccec4fe8fb4ae2f18626f5df

SHA1
0191b8857ee069aeb5f12d99f3bc046833108ee6

SHA256
a5e882d04fb3a937c987b8e2a64a309d9f6070359e1a3a3c19448c68dee90098

SHA512
6301b75ae5a9c2cf5dae00b57ecdeaecd62ce8db055dcd93d85a8d1332c1807afb71ddf0da356d9d1cda417a555358c5d3034722f375e3433bce5117d778e75d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads