7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8

Analysis

max time kernel
150s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
Size

95KB
MD5

a937e2f4b1d805f6ab5153772c4e7a80
SHA1

4a0a21e30a707dace253cbf3809d8bba91a93e7b
SHA256

7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8
SHA512

6f8f4b632797a6809c7029b823426a1533d7dada7de428e9d73083abe6caa61c13a51f23fb1926c4a6ea97330191a12c79e04263830436a0a649bca3e1a62adf
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaqv/:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bn.pak.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\DocumentRepository.ico.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe

C:\Users\Admin\AppData\Local\Temp\7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe
"C:\Users\Admin\AppData\Local\Temp\7835738816332be7b8cd5f925e17a503f57e989c021be8c3717309be876bc2e8.exe"
1⤵
- Drops file in Program Files directory
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
95KB

MD5
2f7ae8378b1812be5beda7526b162a1a

SHA1
3827d8bbd65b333700e7f3d42471a677ab0b80fd

SHA256
a3230a4410860b31ff5480f08efd630244b15b4dcec9bd11a91f5639728ed759

SHA512
8bc28c615092c4323f26bc7359ef3d6d8d65758b95babc3cc3a92322c6baba1e2c7bf7e1ea450a7a816142d801f92aa78ad2ad2d67e2f40474c7bf8c4029e932

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
194KB

MD5
f506968d3c49cc39e02ce2dace303b62

SHA1
fd8ac25afeb095ef4fea6b749ee3efdd79cd63e9

SHA256
cd3f6f69dabcd89315be43f51f1af1d6a87438ab0f6ced20ba7b1b42f8f4656e

SHA512
2a99456d347d2fd3b637d2ecee2d4700dfed905481eaed6d920c749bff2859db05d2c29f010216dde25d87a7210de7ee20baf0dae5b6d55bcc65a5eca3c5ba07

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads