af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543

Analysis

max time kernel
155s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
Size

31KB
MD5

95b868480b35ae712e52fb99522d8928
SHA1

467ee2dc16f7a43642548659a3f3d600969223db
SHA256

af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543
SHA512

4c5f7186274652e60450351332b4bf90090539348e7dcd9af2a8c732478437b436c86cc3078b48a41b48c0cdf7631e00efc91752be31ace858a0f75e5c2d50f0
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6Gx:GBt7Br5xjL9AgA71FbhvuNBNv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1147) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Input.Manipulations.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationFramework.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.HttpUtility.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PenImc_cor3.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.Primitives.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-convert-l1-1-0.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Forms.Design.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.CompilerServices.Unsafe.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.Json.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Input.Manipulations.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationCore.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-time-l1-1-0.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.AccessControl.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsBase.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationFramework.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Intrinsics.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.DispatchProxy.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore_amd64_amd64_8.0.23.53103.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.Windows.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationFramework.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe

C:\Users\Admin\AppData\Local\Temp\af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe
"C:\Users\Admin\AppData\Local\Temp\af204647404b2fd776bf098c4b7befe2016cb75824040747286c91301f5af543.exe"
1⤵
- Drops file in Program Files directory
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
32KB

MD5
0d18a7ebc2da6cec5392b7f2342e6a14

SHA1
2c2f1e60fd26ed082f0cf3552fe39d82fc3b653b

SHA256
1c159b89e19d953e01be5459d8684ab5818db5e439347ae7bec13546e3f133a1

SHA512
7f672503cb464af2c81b54853f941040bd65b957e8866a294811f532493299aa1217480dc3b05f31c83faad110a5c3b64d975b50126b9d5d53c70292dca93501

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
31KB

MD5
28f58b31f7753cf05d464164f7ad8889

SHA1
9fafc898145c02c7e9badb1def5f3e58149dc058

SHA256
1a9a70b0ace5adb631ac8d63e54273b84011228ae3fe599cb2c56e7ab36a700b

SHA512
69e7131459e5f4a07a5944651e3be02b5184f668daa31e2aa9c1bc3cf3972f63b5358c083e4cb3903c8817a81fb4c7e5eccc7dd3e85c6bc5a948f2debcca79ba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads