7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
Size

81KB
MD5

5ed17b7fe5276db4b32a8c920d8d0ecf
SHA1

df2747e278289f7d10998caf1fc32bd41a5bb701
SHA256

7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322
SHA512

b91d473614045a9ba9c62bfca9488f5116498265e687556fd8ccafaa15a72cc5b09b8e7174686829fc7e03f916f5ad064eea5551d9baf5a69eee7b6bfd067023
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/YMO:6e7WpMaxeb0CYJ97lEYNR73e+eKZI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5042) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\LockRestore.xml.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe

C:\Users\Admin\AppData\Local\Temp\7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
"C:\Users\Admin\AppData\Local\Temp\7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe"
1⤵
- Drops file in Program Files directory
PID:4192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
81KB

MD5
f737bb254ec94adcc3e7dab34c3cb590

SHA1
e249620b8fec60d29d6352751572565a963f929b

SHA256
b0aca29347dafc7c940491758cea35c9c143dfd8aa54a5f119b67505215d1e28

SHA512
0011f96cad690f63401e5cbee17f9b070626ddfc221aca7d969540c4b4e2d88bf4d8be0c3ec31d1c5a99ec2e78abf34c5ca0f8083079c9dc9aa94f8c28753c3e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
e0775221c933bd9edfddcdaaaf1b752b

SHA1
fd72671813d20613afca58f7c8a9cb904f447a15

SHA256
210cfba9ef01fd767b67542bc3bf2b07a0072c10b0cc045fbb357676fdb5f118

SHA512
be5edc114105bd17968db0292d1f858f468404b697bf8c198da67da96a58a2062ef816e198b3ca781acad5a45f93ce898c15fd804a5303e8ebdeb852d6875b78

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads