ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
Size

82KB
MD5

26606d61f06fc98850ac15be3b9d7c1a
SHA1

aac32d395a137e7fcdaca06ddd2eb09f3f1b15f5
SHA256

ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd
SHA512

9499ff6aedcb4cc51d36ece24a9ea77560a7f90c58a7a9bcee39e4eb8ebaac3b403c3a7fa24010f69d442873b3d1c4d4cdb6b0d16d452f491211b97970f51a1e
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76Rbu:6e7WpP9oVLQthbYY9oVLQthbUvF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5119) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Tec.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.LEX.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\wordEtw.man.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe

C:\Users\Admin\AppData\Local\Temp\ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe
"C:\Users\Admin\AppData\Local\Temp\ae383c0eff2978c7aef34372642dd9b2686faa02fd26ad15e670331ac57774bd.exe"
1⤵
- Drops file in Program Files directory
PID:4892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
82KB

MD5
8ce40bc2455fb078d9c7ab4cb29b0ab7

SHA1
b1cb73911a299dea555385da127a64655df42518

SHA256
10c5b27c4d322333b8f231cfadd10bbfd2aaecacf249978234bcac8a190d7a99

SHA512
65ad49ed7539901010ee8ee4391dcabaf206ed3ed479810db42a9940394dd557d9cd36a7f001ce9790bae66e0da24154258539620914f09c69b703a80ba11435

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
3de5ff93f9939cd2b2878d2db9761753

SHA1
83f7a7d54e2898228fc17c6d09222d909ad7cad2

SHA256
dfc075d6aa9313d1819187499ffbce6702ed3c0043dde08eee3abd655d181a64

SHA512
c595250e08100a3c3eade8df08b41d9eeed58ea76554212b7f7b44c5244a0d7ebf993922adec3a981f18409dc9513c3ad028b46e056f72b3ea5a41e407841db1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads