f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
Size

80KB
MD5

8957293541c98fa59b4c6ee720d30e58
SHA1

eb560902d54218cfa7fc345d01113322a83a2ad9
SHA256

f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7
SHA512

66476346958447fe0c8feeb14c31aa2addb69d612824bf674503b2ac8934ab7134e3aa7639653af6bad2f3204d38f189ae8e6289e5813365821cbdeb45a011b5
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh3:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\QuizShow.potx.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-US.pak.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\BloodPressureTracker.xltx.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\JoinUninstall.ico.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\PLANNERS.ONE.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe

C:\Users\Admin\AppData\Local\Temp\f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe
"C:\Users\Admin\AppData\Local\Temp\f9a580984b969136cc495c6fd027554deea0f605659da76fe362177eab28cdd7.exe"
1⤵
- Drops file in Program Files directory
PID:116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
80KB

MD5
12f2c41d0480dea62bec4bdbc45e31d5

SHA1
a27226b91cae3d4c018d324ebc57a762ffe0c8dc

SHA256
cb8d86e1d97ee2ee624a56373095c514dff1bdd3d128ffba1e0f5842a230b157

SHA512
281bb0ac208acadecdc4b1df947a7a48af8d86f5c0fdd070c37d9fadde5bb0eb2000f51743107d53affac5143c9f83dec99a19ef78498e8fd504bc87d8aa701b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
dd13c1288b7c173de8e84c19cb601128

SHA1
21921a142ebd6c1666e282a372df28693b876a08

SHA256
8ac1eaa2d7346379078430f95f3e614f01a68022824fadbc0d5d33e4cf034ac6

SHA512
6aad00b3012490f5dce4f71627d903df39c84f8fd7f1bcbd810448760aef1abc12b6fd4c8ff142a28afcbe0f7a42ee159286aa8a2ed2c4a050f1cb146d10b96c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads