9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
Size

36KB
MD5

645a02cf287d719553c684f7b34e1809
SHA1

9323f35df6a800d93338fe47068b3685353f8da8
SHA256

9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846
SHA512

8a3901eb2c7277986e1675c8cdeaf03c1f7766f5a175c506e75a4a6422f86699f840ac7811f60b78f741a4eb3e434be0319c9aefbd4691dff38ad3ec2fec9aaa
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolG4y:W7BlpppARFbhbt7Y7L

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5363) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLL.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe

C:\Users\Admin\AppData\Local\Temp\9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe
"C:\Users\Admin\AppData\Local\Temp\9a3454c25d6451373717f3248e308b70dfa58cc46dc83e28eb1af456c6544846.exe"
1⤵
- Drops file in Program Files directory
PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
37KB

MD5
c0c2e0f3ac504633a90eeea8eb2bf2c6

SHA1
77ae60a81e5830bbeb977e13eb105efe29c7c769

SHA256
60529dc47d29e98805a0d44e19d59205d125500d9f926772245637485e205125

SHA512
4d95ee0ab49afedae7b9d1617a89d3509ebe0bc3b4f34db5cbf4c7e2f1dcf6dc990af7be4ee174b8689bfdb3c32fa9af6889ff208ddd596f57f18b03f8e419fc

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
136KB

MD5
e9fe39d0bf0c0e01bfc8aa4b62569b77

SHA1
7f6b541c5ad35c7194d666b97c5bab15d3fcbf9d

SHA256
aa4c5dedf2c6e34a8d3862fee85a915f976402245041bdcf8ab28f2c28b105c0

SHA512
16643c6e2eea385b2336a14b7c68e7753c0125ae54c2a1946f1ca3345e2173659911c61ddfcb1a24ba304fd5de6e46ed7fc07571d673c3b86a34ea9dd860179a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads