860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
Size

50KB
MD5

17463604c4ec40fcdef4dda2e68c92e8
SHA1

f36c00d48a89fce53825456381f2c20faf92c077
SHA256

860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8
SHA512

d4239ff5bb87ea39055adb0c2749c98e971b8378b1d7c2ac5bb48903139492f14bb79e76d9090378a499ea5be4394529d8b2d7f2ae4ca71ee186ca1fff82f1a7
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFKKXPXnPoKXPXnPnb:W7ZNLpApCZuvIYTb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4690) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe

C:\Users\Admin\AppData\Local\Temp\860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe
"C:\Users\Admin\AppData\Local\Temp\860c5eed1135b459650d95032ef44ce5035b1da9d6cfc11f390f899100f42eb8.exe"
1⤵
- Drops file in Program Files directory
PID:3228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
50KB

MD5
4dc6fab0aa371e6f223a57b1b702a2cd

SHA1
97fd31333d7814081d9424a77fba2aee3f6c5bdd

SHA256
acfb02e0184c340765303ac7531f476d26cfa8be235310b0d665afd7e1aa64f7

SHA512
d4107682767b568fc423b181d8209b0a5c5e2bdedfeac1ad8d73eb17fa245691ddbfc101b8259d43a53b3d6f4599a4176e4ae746cee0f8e7c9721729eeacfdbe

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
149KB

MD5
7520cdb46ca206ec44cc864521240230

SHA1
ed34f8351928948641fdbbcd4086d8a75e915425

SHA256
38a271a034ea3daaa66660afdcb63979945d1566fa3432859b1e1bfc3187e553

SHA512
7f3516fc38e719d936daf8710e1fb7b565509701691e075ab30c3bb2ec9f869fa2ee0134a0b513e5fc8517101dde61290468728ad892dfc282866f09215e858f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads