45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89

Analysis

max time kernel
150s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
Size

87KB
MD5

fb3aec9e8345aa40e4311e7403861cce
SHA1

f88b11e2de16a2f978dfc527be5237de31ad6dbd
SHA256

45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89
SHA512

776c2563c88ff6fb441eca19f02cdfee672c9743bc004e0cf5dc4155476fceb4c15e86f2a9887fb1859af189ac34b19a329b3c7f659ba6837268cf42e948d597
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh+:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIANEXT.DLL.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe

C:\Users\Admin\AppData\Local\Temp\45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe
"C:\Users\Admin\AppData\Local\Temp\45a5113aa1ff208d538281a36628705c3bb0c8e35e38cd4bad50d9ef21edfa89.exe"
1⤵
- Drops file in Program Files directory
PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
87KB

MD5
8880917d9e498d5b26778188acd89fac

SHA1
5b991328b540282d9d4c5c929cf31c3dd851ce20

SHA256
14b917b06ca1e6c04d546eea411ac1304c4d8ac583d4ca62218c9a21958158cc

SHA512
583becfc4e127d98916f1d9c41d95f40fb610f8e15ea7977d90711b832e287c77d2249148c2ff0686c977609e73c2d19dae79774b58be1d87d51ff394bc0682f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
186KB

MD5
ea01d7520b3f2595119140b56ff9f5bc

SHA1
8b735002fbccab6b8b785c2add9adad881f970b1

SHA256
b333e3ce70821bbd77be244dcac7e23cf4d9771076bb0ba452c9c3a6b513bb49

SHA512
b7391b5563e2dacbe19fabcc1a201ec818b9200e60a27dfdc0c091cd9ccebb5e7fdf0664304ed3e597c36847900ad20856e277592887f18a91c5e248ba3ae590

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads