962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 01:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
Size

71KB
MD5

6be6bf2dc23ac019f825c0a75d564dd5
SHA1

a75a5804f5e28fbb18cac3fa3858d6a5c7d82a1f
SHA256

962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32
SHA512

7369deec6e7c96304d59d7d085424b67c3c147b5fceea1d5ea719832c5d52234dc00d20bd1d00614fa1baac9e81b4c2505caf776d04c8cb1b7fd53b1baa37505
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReu:W7ZDpApYbWj2WTWJe+e/qnvf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5233) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ta.pak.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\PAPYRUS.TTF.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe

C:\Users\Admin\AppData\Local\Temp\962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
"C:\Users\Admin\AppData\Local\Temp\962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe"
1⤵
- Drops file in Program Files directory
PID:1420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
71KB

MD5
e10f1b3c61777150abfdb072a5a88e38

SHA1
7334306e9d16af6803d37e5b2ce37e6b46cfc283

SHA256
891715b99857a734ba91366e3a0248727afb05cf8b2b38bc6fbc10ba1d9efd23

SHA512
b042a3da4c0c1de18e744c0bc4dd7c710f56d0ae1f3a5df6e9652c81cd81e82c8a3db36feb599f113d11a1c9b573ad0b542fe0c5dd8adb880c99896e9039decd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
170KB

MD5
9810accadd77ac4cab391203406c14db

SHA1
9dfab643726da803dc00e07179fb64c6228c52fa

SHA256
108925f90c3f548635fbc21892a45a3fb2df9a9e635c07425bb86bff5231fcbb

SHA512
26364a2c5cf2fb5f25a0e123da7ae9f804b9539aea0b102dbf87aed8ec4666ef17396f58c1f68bf887cc6a6b2f28094569dc3e99fa84b676dc75723ddbbfae68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads