91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
Size

63KB
MD5

61b38170300df4f2f4143a6bed9d98b9
SHA1

4bc0b8a35f73d52edd28e11a837bced48b1b9410
SHA256

91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2
SHA512

dc0001d65ef3e76f27d7f3197c6b19ca56b1d549e1a854fbafc516e0be50acb4cb93dbedcf1eb15dadda47e423aa7850b12c703d8dfebd06fe78823fb0dd9443
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlkt0:W7ZhA7pApvOsOKjC0YSilpFpfkJOMYY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp	91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe

C:\Users\Admin\AppData\Local\Temp\91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe
"C:\Users\Admin\AppData\Local\Temp\91eed4bd03c81a8d25ec9fd6497c539f1122751c775a1ce9e143dea2c26d8ff2.exe"
1⤵
- Drops file in Program Files directory
PID:3204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
64KB

MD5
254558121fd20a1635f45eeff08c7daa

SHA1
4262f601a87edd2aa4526da265359e3ae2260372

SHA256
6d828da204f1437884ea168d9d85ace45f74ca3578885022d8a87f47478cddfe

SHA512
feee011079415acb983eb367c7693ca992c1cad4cf84b057127dce907a03ed33bf652846c1b86001d2166daec01ea7ae3727f52dceb3859d79cdffe3541896d8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
d98b2022e90f3fafff0027a7bc60e320

SHA1
95530282b214dff68cdd262a3d788732be0bcd2a

SHA256
7b4a7fc2b3b9d01bc58ee6b6bf06df57c40eb0448fcbad95c8a1542637286a36

SHA512
76a559d5577b4c00f333ff1e913493ba9f6d1eec9558e6cd55c20e9339f64e1df7fd55772aab5a62ca000b5318935a8114f5abb5396158f61e4540d82b038ced

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads