c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
Size

92KB
MD5

02e56c342a9644ab5eebd4f59181a456
SHA1

5e1ea65c4a906a53ef8b7a18969062dc541c6638
SHA256

c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596
SHA512

19bfd15d3457ef9477b3baf23c40498f5cf563e99ee7e1bc81891ca92f2ce10c0d7c59877597dd6660b925afc16bc8d5d408c8f29706f4a56d153a3d0f26120a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/j:6e7WpMaxeb0CYJ97lEYNR73e+eKZj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1372) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebHeaderCollection.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationTypes.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\UIAutomationClient.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l2-1-0.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Threading.AccessControl.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Dynamic.Runtime.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.Design.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.StackTrace.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Threading.AccessControl.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Diagnostics.EventLog.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.CompilerServices.Unsafe.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationClient.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationClient.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationNative_cor3.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.AccessControl.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\PresentationCore.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.Json.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationUI.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.Win32.Registry.AccessControl.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.Win32.Registry.AccessControl.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Queryable.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationCore.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemData.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\WindowsFormsIntegration.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.DispatchProxy.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Intrinsics.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Cng.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationTypes.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Forms.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Input.Manipulations.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Loader.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationFramework.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsFormsIntegration.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClient.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Design.resources.dll.tmp	c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe

C:\Users\Admin\AppData\Local\Temp\c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe
"C:\Users\Admin\AppData\Local\Temp\c55330409898f9b7ffd0c86b60f33d4de17a4e63d123f9a18e7168fbf882b596.exe"
1⤵
- Drops file in Program Files directory
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
92KB

MD5
64ef80c39a55d0853af7cd1fe6630210

SHA1
8ca175829e1d65cd568bf49513c88eaf2f5e8998

SHA256
e26c7d44ab734013eb71739fbf478b48daa0fd088be06496a27fcb3fd62163b0

SHA512
d937b889031a0f7af87def26e4622ed54e1f6816ec376b1bc216361b28210093748b7d6c56c71ddeeaeab2364602660158afe51272317a5ed842b3c6fa5f3c60

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
92KB

MD5
c41ee160d1bdfea7d828bf47dc868a6d

SHA1
ca44af3abb3f89c9a47c081e4a89f819d69af815

SHA256
ee4da70cd86f8acf28cef56e46dcea42e4a6f16ef977b00ba3f5f5987a242887

SHA512
7bb5c40647007e8f95746768613259844008363008c2bda9cabdadb0cc4c00d9d82b3b9870c6b7bd132ae21850fe0d285710e19984f6b7a363809d64e8f54810

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads