7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
Size

54KB
MD5

031579ad36c6d046f5f2217f7a23cd4a
SHA1

4be6433effa4bbc9f414f889897be074245f2788
SHA256

7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb
SHA512

4a699c5fa33a8bea6340d10351ff0e8df05632c1a22e9837498ad4e69e37f1eb6e256bfcee85c7c012acd9733259ef14a22003ca4b77b1fcd18bcb6fc8d1b098
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nst:W7ZNLpApCZrt8PWGoPWGANdNM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4887) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\GetApprove.ADTS.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL096.XML.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe

C:\Users\Admin\AppData\Local\Temp\7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe
"C:\Users\Admin\AppData\Local\Temp\7f021055af28b254c8695821a2eda75f688ee26ef2d01e8bb337b067dc3f50eb.exe"
1⤵
- Drops file in Program Files directory
PID:3400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
55KB

MD5
5d8f816b0bb40b1d139866cbd51f4fe2

SHA1
2331183333916ac15330341d13af4d9e3f2b27d3

SHA256
dac84228eb4a58e6c2d48c73e0eb8095a01e1389164788e330d261c8b5ac7497

SHA512
6dda937b0c28f562fbd1f24ad42a448a5d7d0b503411886db3fa09e66b127ee5b6d25c40ae1047a8d6a8393209941ea83999e3782b4f326a3031378ae4df34ae

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
153KB

MD5
0eb6944e22610e731d7db72cd292a865

SHA1
648b58e60293e85032c6a47761d5f4d6b628adec

SHA256
d0215396fe47570365000fefbe54111ac990d90e9eb839a439ceb76ce234d6e3

SHA512
8db86f84ed6323aa2b661807bc4cc541096fc0e07db20f7b7196f4dca86dd242b1f8c7054b590170a0586eb62661ecf3cd4309518b6dd06c3fd0621661a6028a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads