420850523dcfb1c639b15d9e516715605dafa76127362148e989a71b32e74852

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
Size

60KB
MD5

17ee0cd3ff8e83bb0d557863d8868220
SHA1

e990d1a438dd582efb27ee9027f71bced4ac12b3
SHA256

420850523dcfb1c639b15d9e516715605dafa76127362148e989a71b32e74852
SHA512

27289a62b30527c6fe8d4ac6951120fe72d7226889d56ad5f07a55834491030411e321d9a0a12964780080d332da6e53333b3ad563a8805af786355e7af722a7
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmht:W7ZDpApYbWjIoPyPoLzV7c6Sht

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5086) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\ApproveStop.zip.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe

C:\Users\Admin\AppData\Local\Temp\virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_17ee0cd3ff8e83bb0d557863d8868220.exe"
1⤵
- Drops file in Program Files directory
PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
61KB

MD5
8c3d0a2abac9a155deba61c8d759da22

SHA1
d4ed1a02bc5f2bfd62600fe4cfef0dcadd400698

SHA256
088ab9b619bf0533b4b8eea95b57ce8879d118871d0e50e9db81efd3d0056dfa

SHA512
735649e492ea5ed633e998a00ccae7213b995b78282ac08a6702035d90120877668ac14c81a967543519c81d889d11e301f2f49f75dce92b6326c835231f6555

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
159KB

MD5
c299f0f6b10e7c4660c7594e2988a57e

SHA1
43dc347bc7369ddb8b28b732256eca55a39acd68

SHA256
be03f59494f86d0806361b77ee37fcd69777954c9a01f4c9801bc5c2146a04ea

SHA512
83f5b9d0db238756718c83981fd77674f7024ae5d42b3d32cd8f3b83c5f7b0daa1db1953c6d304baacc936279bc0abd1099940aeef36d6ee4d85e6a448b912b5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads