ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
Size

80KB
MD5

7447018f47eb1796c5fccfee56a59b8f
SHA1

02612a28effe3b52235e33b30a317a7feec46fc8
SHA256

ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50
SHA512

9351af3b21fb614a34f5a68f9ea03c138d544b53c6a60eda3fcdcbc9f821c323347fdf0c7bf4f9330f5bfd5b87d2926e1422daf5e32a27386302d7ae2e5743e2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/m:6e7WpMaxeb0CYJ97lEYNR73e+eKZm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSYUBIN7.DLL.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe

C:\Users\Admin\AppData\Local\Temp\ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe
"C:\Users\Admin\AppData\Local\Temp\ff4317fdbb671017e533ba8d92c3c03be63e3c53a85e5ae8aa62172ce0d3af50.exe"
1⤵
- Drops file in Program Files directory
PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
80KB

MD5
6ea1bd2ce1d67460b42e4ab077c64f6c

SHA1
d8838fe3eb550bf3a51c543690c2b36a6026280e

SHA256
eec43dfd86d15ef96e98469067ed2ea899a1dcc3685fab8b25437b106eb89741

SHA512
4a99a9bde4539ce008b667b703e1a4625a028112521e11ccdb4834cfd85efdbe01d297a4290b084dd2368d4149fb364e28ba2b5d0fb05e012a2d0a755a4cb2f5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
a3342a23c617e46be0ca78206625cc77

SHA1
6a37bf39e8195b9751fc55843b8b312309e9e15a

SHA256
e938fc1cd2b49ff5330b16f5d20383b66a92178d1fd01a4a4740afd0d29a52b2

SHA512
d6230cdb5796be59702e49a7055595632d7ad435e696ab756ce8f2ffe9179730efa7be2d14579a1418846cef21251fbcb828734b19b42f3feffc2325a5075fa7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads