87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
Size

61KB
MD5

7a0678b638fc1c748615944fd958801d
SHA1

b2e9a00a8157f2ebf708aefe84a8e50d1283e725
SHA256

87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863
SHA512

f388bdee6b548bb7d02efddcce781080014a930f515aa737bc99d14d802d6f2f17a7861cc75aca8fff2f9ca855fe72367a4f98124c8004ed8178e6804821ada0
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlkt1:W7ZhA7pApvOsOKjC0YSilpFpfkJOMinz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ppd.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.MSOUC.16.1033.hxn.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe

C:\Users\Admin\AppData\Local\Temp\87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe
"C:\Users\Admin\AppData\Local\Temp\87b4cbb85b3bcccdc700b978814e151dab8982fe372dfe6667583c4fdf3f0863.exe"
1⤵
- Drops file in Program Files directory
PID:3860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
61KB

MD5
0873eb552b0c6ec6e04f5aeabd594382

SHA1
cf922c17ad7410a06434f75ed8c088b1c86bad92

SHA256
764e400972183aa07a07f5aaf9491d6c22ce2445f7cb3205b820eabcb166f494

SHA512
f7257df86e11748246d4b8556da4de170527608d70cf115a3b789dbc6ef3c9f4be29d3e685c92e20f1101c7b0f467985b627c02e3982bc855f3b556de0c043bc

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
160KB

MD5
1db38a4b7e9b5607735a17b39c2b4db0

SHA1
c9dad26ffaa4b0e11f98659f630493050f5e8874

SHA256
754abe8e1b73095c3ef6f1421216c10c659145e4c27f171e17cf13af73671772

SHA512
0223e9897faecb14428b31da1c8873c587d73c190a5c54b6606fc0650496b33ebb085bad167f8b74da783e0bd8cc53b25317031adb2247a4aacec36c71e75820

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads