3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
Size

98KB
MD5

b926d57077973c9d90f38c71828d3597
SHA1

a2cb439a57e5f0cc68c143bff1637faa6226bac6
SHA256

3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e
SHA512

ea456b54b1648bd7d9d1998a7b115bf731cdcafce4bb1fa9f248fbcefd5198ce6b6612530f64018ab90a8cecd4511bbe4c74058ea63c7a8beff51696b0460c56
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7jYk:tFPxPke+eIt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5030) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe

C:\Users\Admin\AppData\Local\Temp\3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
"C:\Users\Admin\AppData\Local\Temp\3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe"
1⤵
- Drops file in Program Files directory
PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
98KB

MD5
3344e888d25f6fd46633376cf3afffb8

SHA1
d08fdc46761aeb007b3622f4e8ec31c84e9fe19f

SHA256
3b365da828e4a941081caaab71d7e154295ca364a792d8ede8108f261900e4d0

SHA512
ef7e79b5895d27ec4640d3dc12703933524e28dc5c326215b0b6367950a3498fcacafcc0ce56544980bec7b5dd6e31641b0228963ef8d0030d26b9e834555c69

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
197KB

MD5
b46739398998bc6af213c3dc22b8f04e

SHA1
16de5ca65fd72ba856e8b3813acc5f70612dad0f

SHA256
f342956d512b944b1cc5dbce00dc5b11b8f113dd3258828c89621247db7ec730

SHA512
222ffdbc002172254e402f08a599dc35b8471b3619d858ed5f958e7a54469539ee3e1cd997d69f49bb745c691c34ea438c5fbb1502ba713eaf2a2f64877d6901

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads