2e7d5ff3cf98e90c83b255d87e126d87f37173fc44979710668a60fa8c2c8f00

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_f5654bbacf313c8c46c05627b6711520.exe
Size

96KB
MD5

f5654bbacf313c8c46c05627b6711520
SHA1

3eb761b480e641228249b302f4d247ae84925065
SHA256

2e7d5ff3cf98e90c83b255d87e126d87f37173fc44979710668a60fa8c2c8f00
SHA512

d75754c4310e0e4374a093f09e2ad39672d9c8de6bf904d8a7199e0d74e34de8bc721b40b0964b8151f36b72cb14f0389985bf97d372d3646dfeddc178a41705
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/8Ab:6e7WpMaxeb0CYJ97lEYNR73e+eKZV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5009) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe

C:\Users\Admin\AppData\Local\Temp\virussign.com_f5654bbacf313c8c46c05627b6711520.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_f5654bbacf313c8c46c05627b6711520.exe"
1⤵
- Drops file in Program Files directory
PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
96KB

MD5
ed0122f4f83c29fd2b412a8f4cbdc05f

SHA1
243080bbaaa3fc521b527987f53be801f83bc0ca

SHA256
04af810b8d9a1b74fd24471bc4d6c591e8a57d326e812bf440456f08b24129d6

SHA512
91de877963788a5af5b4defd31bbd0f6238a4a0b827125f9b7cb46ed516e984a96fc73c52ab2b11c9736ba992728d6b9cb101ea97bb6d9155035ece8f3abd076

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
0d6a3d2767f5bbecd7d5956baa0c0c7f

SHA1
593445c789577bc0765aa22232612d07881a82a5

SHA256
1b4bd69d9597289baf753cca9166f451cf06b0e200c5b4c4a6be5d6d92de9478

SHA512
ce3ea09ef1ecb3f5f164facc476a5fd16cc648f8b498bfb8f4925509a295b03bd13ee0c971789bb5cea41c4117aa922767992daf5ef9aafb394e7835a5043f5e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads