30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
Size

47KB
MD5

5f4a60b46d362256ce9a06c41ea2ccca
SHA1

c9fc7e0a624f4909fd732c41f1117f364fff92de
SHA256

30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c
SHA512

c7a5ddf104888454587c5fdf1201be53eeb875c6dc70fc2cd24c1ee5d78b55712abea2c14636a999a19859c6e8a3b652b686e3eeda3ded45bda8d0ec1149cbb9
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNO:W7BlpppARFbhWJQis

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5322) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe

C:\Users\Admin\AppData\Local\Temp\30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe
"C:\Users\Admin\AppData\Local\Temp\30b5343e106efe1b686c5cdb23cf9b5b1dcf5cf6b0e60bbce2e6b8d7c302911c.exe"
1⤵
- Drops file in Program Files directory
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
47KB

MD5
b48c98b9e1e9fe5ee2e56528411a812f

SHA1
5a6a0ccca0269d005186d2bbe06101ef18ac2dcb

SHA256
3f6649d86fae41bbee531e072474cb66b6b72a2ee0da06bde738dee2fc49c2eb

SHA512
9c4a4d8905ce8fb5a45fe67d0248b7ee0d85a57c8eaf00debbfea392c5a709d84d8506905dd4e7432262fbf08dbc025d6cf4eef56bd968db3de95ffc5d0b2c04

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
15076995d1c7bf256017e857ba50f6f4

SHA1
63f7e382561006e5b5c4290e6ff5a356e7913d6f

SHA256
f7404ca1da11cd1dac0a4893b9db9e42905f24b8e1c3e93bb3f8ae576e1f0983

SHA512
cbb09fbd582f0b648d2fb6b3f86bffbea3024c545c010fb0a075b93389ae4e86f160c602220f8560fa69ea27da104f2a326fd65dccb087225227c4ad533e8b6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads