Malware Analysis Report

2024-07-28 16:26

Sample ID: 240613-23vkgayanp
Target: 578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f
SHA256: 578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f

Threat Level: Likely malicious

The file 578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3542) files with added filename extension

Renames multiple (4984) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 23:06

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 23:06
Reported: 2024-06-13 23:09
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe"

Signatures

Renames multiple (3542) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Mail\msoe.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\Parity.fx.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\OutProtect.DVR-MS.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\it-IT\sbdrop.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Internet Explorer\ie9props.propdesc.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe

"C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 820d431a57f7393434aebfce2326ce89
SHA1 b7a01f6f995f6137ee4b23c43b41e5b113f684c1
SHA256 79eba0ea0c1391f8992ab7438d40a4bc73f6290482f4171dc12b6e6e6466cfc3
SHA512 46d18393334b49e7b50586fd4cde98f254fbaaf66528dc15d9c670284572fdc4f75ac42356af3f234acb08c273f44fe8784edf30a23d50165ef3e1c92b2958a4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 33c3be63f604eabb2b360230cff9687c
SHA1 0e9245ad3be2c806da62c07d61460dfd69eb1352
SHA256 93c4532fcd98478e5ca530995aa67e28815834cc732661dc0fbe88bf58ae348e
SHA512 4d2d568920ce7e6e697674e88b16f99edccec07acfb9b557849444eeb7d4910742d16d2fae2be78dd7bdb789d26956f8cc7362b75a2ab3e4246ae4344a1e0d3a

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 23:06
Reported: 2024-06-13 23:09
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe"

Signatures

Renames multiple (4984) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\7-Zip\Lang\vi.txt.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp | C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe

"C:\Users\Admin\AppData\Local\Temp\578798cd412d115a50639f57598c94a476a9e0b2f8ae0abfd1d9a4362072555f.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 e9017ef755c5284c8e35945660c8d31f
SHA1 7617f42ba9ffe62a4100115719b85741f2e85880
SHA256 e629bccdad8f6fe4ac0b18ad1b648679039f0b6165ad7cbe33f145fd925b33f5
SHA512 1df63738c043502193376aeaa8071307ac10949f259e332fdfdf565ba068c78e49de267c6f0711bd2fcfdd7d7c9be2c57a7d53e89e670efc162f531d00a4144c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 656c9f833d8aae4f07add10f7bdf4aa6
SHA1 f04eef56ad53e4487bde11ca85a3941373c15a0e
SHA256 d5e9364ca601f972e988b5009689575a9504b0232e9223cea3859d32519f8450
SHA512 fd98b0622941bd660664c0ec11091d23543cd87508cd05a34b47bbe71824b8f11f784fb696a7597a9106e6cf89e4bf2f100a0c0fb211dd99acb1028f59938f71