7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
Size

97KB
MD5

3d00fc57778e5d1a8b77f41105ace5df
SHA1

937918f51f1c2cefabe8868b5441dab3a01da63f
SHA256

7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6
SHA512

31a582684d0b4129832dd5eb44b01aec64eebadca8d45deecef56e163eefb7bd0d678a6870859056b71b08b8f49e7a7537665f4bf0c4da1136c5d9e37074b1bb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/yJgJ6:6e7WpMaxeb0CYJ97lEYNR73e+eKZsC6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe

C:\Users\Admin\AppData\Local\Temp\7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe
"C:\Users\Admin\AppData\Local\Temp\7ab68b077d86343026d9f6bd08810716629b30f3bf07d34618ffa1c5a895acd6.exe"
1⤵
- Drops file in Program Files directory
PID:4460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
97KB

MD5
671de745b80627d32096dd9cbfbb723d

SHA1
bcbb219bf624db8e62a7ea3ece7ce7634e07e6d7

SHA256
fe46bfaca5bdb4a63bed90d5cba5020d6a084a7aed3aa5327f0e9ab7a8b56014

SHA512
03be7ff58a3e65e23b8e3273e5bc13367d4cbfe1bc684f45b8bb88e2a37df1b8c2b3848c4dce11964fd9fe46cc0a6ecaa806bc0ce8158d34dfbc6968e6b95f71

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
196KB

MD5
22f0b3a946176a754db9f325c949cd14

SHA1
10e40560036a4af8238ce247151007df2cafba4e

SHA256
a15bdc8edcfa0ec2f2f835d297d465a3e9f68a935e2e18c270840553b861a881

SHA512
1ef95cca19e21707b21a53b3fa4e1d250f8b243ae30a20609c762640afc9da42f70c06c227064542137b637a6105ab421b8b69e241ccd864ddcc252f4cddf7c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads