77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 23:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
Size

98KB
MD5

6f1c5ff7965d096afd350c50fe28dc0d
SHA1

160816833d908ab689e40d9b7c847f06fa76a438
SHA256

77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5
SHA512

def8069d3ce7c462219bb0a82a124536a5719ab14a7297c44c29c0fcd406f493a0dd12cc6c67b72b93a1ff3504095ef1b5af7051673aa707deebb7e178bd799b
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB8:PqFF2Ie+efsim2f

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5097) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-CN.pak.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.LEX.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe

C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe
"C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe"
1⤵
- Drops file in Program Files directory
PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
98KB

MD5
4669f39568a1082088b2986109465ae5

SHA1
75b07953bacba045c948e839870a53790c724ab9

SHA256
fce17d04efa8f7b423e5a2f33819865f1eede06ce87ba0d42f6102be5a474564

SHA512
e4b68031e2234c5bd4d29416f3d3a3e819ac0bab56b7c358dab4752617e315bd3d8de8c85d407e03d846960fb7dc3ea773c028d89936a18db2ef505ab7dc4c68

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
197KB

MD5
d237d19df2b28a4ed66eb347d9d51df1

SHA1
375db42d014ac7511bd5951ec3203a5ccaa0f0fb

SHA256
78225b75cb5d554e63aec99efa5228c68889ae7e320604d0833b7c47fe8d1962

SHA512
2996db31067fcf4c9f2f6f8e022449445b8f99ec2860fc7dca5b3c73aef47dc427229b003768691d3f6b39db30da3a3d6e6e75d4993e271c89c11e7b1235ff05

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads