02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03

Analysis

max time kernel
150s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 18:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
Size

46KB
MD5

24f3e6fd1ba4518b74d763f7c0d70ff5
SHA1

a283762b1c8a087ffc5dc58b54a5f4d56d03dc65
SHA256

02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03
SHA512

0dcfdc65724185b80033d7abe44b0be879391e2d26cfd14c55ccc2296a08e71fa78edecbe3b5a3ee3bd6abe7440e5bf8437321d9f0ad4f34c6454b48b1b7a404
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecD8:W7BlpNLpARFbhblkYlkuvIYFWcDYcD8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.tree.dat.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\BloodPressureTracker.xltx.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe

C:\Users\Admin\AppData\Local\Temp\02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe
"C:\Users\Admin\AppData\Local\Temp\02ee98831cf8568c38fb45d12bf4740c05ef337fbdf6130892f31f6c21085c03.exe"
1⤵
- Drops file in Program Files directory
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8
1⤵
PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
46KB

MD5
625c25fbc24f2045f88afaf52ea9619b

SHA1
11499208581fc263b860230fb7d2e3a106f0d40b

SHA256
5eb725df31bc8ad5c61b3f26db303a864798aa8dded6bb160d5c77c7b060c9f8

SHA512
00df97f1f1163b13b6cbe983167494df4168a072af0b2e7d2336c20909f178dc04d9b953b84a73a058ce4c5a9594e696fd8ddfb668dd81a0afb909c90b31981c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
158KB

MD5
24708be07d66f5bf80c92d2042e15991

SHA1
a226708312bf0ba6e6dce784a384f7640a5a9232

SHA256
23fa63d90d524743935b0a619f46ab332df0f599ace7a1e5810f8077ca6b357e

SHA512
624970ac1e2fd488278723500d6e3d23057a4a336b566e586a6b908aa9ecd6c665b8cb9f6668795e7325ba411f724895a5d26dcdb0ef26f0a81374e2ea7f829d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads