323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
Size

90KB
MD5

210b22d99c50d8e53271799c1bd7a71a
SHA1

40cd5bf2ac954636fa1d68166c6a3d3a953f4e58
SHA256

323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a
SHA512

b58cb52a40c04d0569af86ef6c1bb1bf9eef2a61326c68935b947b89e9be9a71f5fd962e73825a4938f1c4e1544f0417f01e91fddedeefac75e875aa62f2011e
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76stE:6e7WpP9oVLQthbYY9oVLQthbUvu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1291) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationUI.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Forms.Design.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Configuration.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\ReachFramework.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationFramework.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Forms.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Native.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.Win32.SystemEvents.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-1.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.DataAnnotations.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationCore.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.ReaderWriter.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Primitives.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationProvider.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Royale.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClient.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.SecureString.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClient.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Overlapped.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationTypes.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Configuration.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Memory.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Formatters.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Xaml.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationFramework.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.XDocument.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.Messages.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\WindowsBase.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.0 (x64).swidtag.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.CodePages.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Primitives.resources.dll.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe

C:\Users\Admin\AppData\Local\Temp\323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe
"C:\Users\Admin\AppData\Local\Temp\323756a22130335c0fcd5941cd4f19524d5acffcfe5851e7869e2f298e426d6a.exe"
1⤵
- Drops file in Program Files directory
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
90KB

MD5
c2a67c273e6a3bc65d73f9e16fe53d60

SHA1
5667d16ea10aae68982bd73a0400d9aa7c481e6c

SHA256
86b32cfdf91af95e1c4eb44a79978e0918c22284a2034bcdc5f48abd5fbc6c8e

SHA512
064c638bf8f30fb145ab4ff5ae7be26f1af2656d0f6dd7d74dfa0778dee7abd484ee272a9a7e00040e2687d640079600dc6b830c0b45c3a8f3b9a2748b60ec3b

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
90KB

MD5
19b1932ff8065a1d5f79756f2a63d7e4

SHA1
5055b345102dc284947c934bade0182188bf89b5

SHA256
a628533d846b241981942106f5f4fbbea06a068fb666ae4fa783a877c8040c44

SHA512
e2391ba21da2a44b1ee812e7fa5fd9719cdcabfb2105e33a46347d0f4ff28cac383e6d18f26d6200827430a1e31f36c077ee9f9c7bfe1b6211f7cab571fc33cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads