61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c

Analysis

max time kernel
149s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
Size

86KB
MD5

07c6de4be9cd87f15d045135a39729e0
SHA1

de1d6053300d9747f6bcc9a215dde87635f09411
SHA256

61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c
SHA512

49f247adb0c10400ebb11a9b2b96b2cba2a259a1248716bd84017433e1676534b469837bc2029fc59edc35256cc64b0e47a7a154b268f74d25420542949841af
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUsX:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5027) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.tmp	61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe

C:\Users\Admin\AppData\Local\Temp\61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe
"C:\Users\Admin\AppData\Local\Temp\61da3c185eacd2f35ca3ccd4af78ef5bf9fdd030d3cc2a68fa728d9d29d33a0c.exe"
1⤵
- Drops file in Program Files directory
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
87KB

MD5
f306731d5004a95814a580da86ae8d67

SHA1
415309d89a14f00d496bb65c59c115a20c4ee9e3

SHA256
faa9a7623a9f30a25988407ab7487699ccb3552e3b08b21382b44f7e19862406

SHA512
73eb5828c18d58e7e803c3a9052ebaf22be101b5d5f2f9e6407dd19670d6a0129e23c427261b968099ff1cd5867b647950042c50c26fa309e8e58c59e2b0f028

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
b9754929dd4579b54e9c0bc2cadf95e1

SHA1
516bb87196b883b346f8317ad7ca344eab77f622

SHA256
d8b816a05feed864401f69dabc94c980c377b68bd0d03e2ac696d4d80b95b9f6

SHA512
363a4524349bd7233662eb78dab2c02592e8601af0f585f950356069d9c27faef76ec0fb02cbf05d2f0aeb9bc3dc5928b76303d6a40378ddf183bc107d97dd3f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads