7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
Size

82KB
MD5

17928138b35ca691b53b911d829223f6
SHA1

9205357344911ad9c1b3a26e5cc6656fe86565b4
SHA256

7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511
SHA512

db67f43a9a64d0c6e786e4d32debec33681e720ea234c3897350efb7a3f19b0be8ab5ee60ef0cfac7ed0da9a2b193a0e81fb234bb919bcf026864b9c375814c0
SSDEEP

384:GBt7Br5xjL9AgA71FbhvoBlLLrvCGQXX9vCGQXXSJkJc:W7BlpppARFbhmvjC9vjCi4c

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4830) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe

C:\Users\Admin\AppData\Local\Temp\7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe
"C:\Users\Admin\AppData\Local\Temp\7098f7d72d185005f9f83a2c32516ac70c22b4cb839b08d3badc84e9749fd511.exe"
1⤵
- Drops file in Program Files directory
PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
82KB

MD5
760a84504461a6f50a61fda393ad1efd

SHA1
e39dfee9815516a1a48d499f0e274d7333f968d7

SHA256
37669c9b4409a0a495618e4cf47577d26f2528b21a34b8d9df472e1574db4ca1

SHA512
5a9f7a81952497417d8adc9a1f35501a69988065be4d3e780c94c80a2b118bb47fca9c2452f3f409095f5d87773947f8c2a04fd82ca255d3d1b8601fe32fcdb5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
bd6ef5884233d3557cdf3dd18e163354

SHA1
768b664cbb3a3ab47cd645cef5697b9a8038998b

SHA256
db9ac8bb945884e41d26c45a4c3f283bac1cee97185d494c5d8174ca511b438c

SHA512
45a54f4337b0c5166d9ca6bb3e847657beb4463827650f37784db183217a0a0006d391a9a074a4ae2d9996cc003737f50b2e44bf8f92e2420ed4e302515a4110

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads