0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 18:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
Size

46KB
MD5

22a1bd149d22282e397c93154c51af08
SHA1

f014263c10b40d037036fb78feb68a464b0169d8
SHA256

0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f
SHA512

992486ab613abc10dcd0642776a09ed34e885799d66a439e2ca785cbf18b3ad2a3188db5114ff2b1fafe635bf69cd8e5e0e7796b45e00a8d17d75ebc979ead40
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vh7m/FJHo7m/FJH8wf5Fi5Fc:yBs7Br5xjL8AgA71Fbhvhwfzizc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5322) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCL.DLL.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BRADHITC.TTF.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\DismountEnter.cr2.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-convert-l1-1-0.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\OSFINTL.DLL.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Integration\SPPRedist.msi.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe

C:\Users\Admin\AppData\Local\Temp\0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
"C:\Users\Admin\AppData\Local\Temp\0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe"
1⤵
- Drops file in Program Files directory
PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
46KB

MD5
ece85a7c4da495bd3ee2b399d80503be

SHA1
493574bfe41d90843eb70b9946072c38509f5336

SHA256
2c4ed4d3b26a0d206389d68a8f252d6b311f245208cbd5a4147eaa872eb73a3d

SHA512
86048ed2e73b915dac5d3e3797bf6eb56f0273e1607fe7d8a2302af5f30c99a700dc1ba455c013a540ba9ae5169317c2ba9d3cd40e415de31c9ecb9c0c078ce8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
8c1aadbb6b8938aac46d2c51caf8df81

SHA1
3d867740a7156e13514d43573deef720d598eecb

SHA256
859a1dc3109c7141edb0956c17a8393fcdf34fc5cc18742208e78abba1e049ca

SHA512
7c7759b060515d9f4f444901bd9f1d6fd369b6a7b95b99d3eac386aef8029e0172f2ae17da87c0568ded0e3efb9d494500c869d6441797a4ecff2c2b9b68efe4

Download Submit
memory/1412-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1412-1978-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads