ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
Size

48KB
MD5

65fa8a0bcf9625585f396ba3b74917d4
SHA1

08280b1cedf39ebd9c8a21aba896b6f79376b770
SHA256

ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298
SHA512

d040adc7dac46bab65fc33247f599b24e428aaa14eb31105cb89d1e23f65b7ec2da679c10f7ce7a0f5b0e9ff52c4e9880a6fb60f9eb3844090162a52929de831
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNh6c:W7BlpppARFbhWJQiX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5127) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\FA000000006.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe

C:\Users\Admin\AppData\Local\Temp\ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
"C:\Users\Admin\AppData\Local\Temp\ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe"
1⤵
- Drops file in Program Files directory
PID:3320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
48KB

MD5
315c08c434600d15201f0c2921366dd5

SHA1
1db60a3a5b5635dabfecbe6fac072bc8f1056d8b

SHA256
49b8eb709c2b96c3fc42b471105f86408cd5d5907e0cadfb43e534ec6e54ab7d

SHA512
ba20c989a98d572a9f1f8d442c59b4e711a3a87d1c70d0c1aa3f1caa624bf650381d91d7907120cb6dabf22b11f873c4bdc1db6a11a74f7a7056edbf13189ec7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
147KB

MD5
99baa8c67d0003678e958d58d15d9325

SHA1
b77bc9a69afdc93afe7ddffb8e1d17bcb86ed381

SHA256
8eb56943a81bdd87ae57a816c00f42db4686f2cb1cc26dcff4398c817a375470

SHA512
58417787b67d5a301d329c870714b229953e8ac543276d86fb0a441abc765518c87b771ea09accf9f9dbfec8310263d01a6a5b778a741646f5107e80102931c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads