a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 00:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
Size

99KB
MD5

0805c2f9e77dcbdbc3867ee15bcfe257
SHA1

dafdb3dbdb75d3c2b141bb29be1263e05ac4765e
SHA256

a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd
SHA512

95bda36aef9e2813ffb87ac3c932d4f6fb15af971546fbfc1240bfbf230327b20b4f95e6cd1605df53e6cbea89f479bcf2b4038e1ff5e2ac7816a27b46f5d874
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888X:Lpe+ekeq1l

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5069) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-US.pak.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe

C:\Users\Admin\AppData\Local\Temp\a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe
"C:\Users\Admin\AppData\Local\Temp\a3efcf19bb4dfc9dc444c395cc25e9d67083fd0ba05d06973a59b4638bb023fd.exe"
1⤵
- Drops file in Program Files directory
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
99KB

MD5
f94421526b71016392aa9689aecbacb9

SHA1
09316aea697601188fcc564950d3212819653833

SHA256
f95f5b5bf1856d319b6125281220b4d9a0c1033ce5a964f32ced82368e0f38f5

SHA512
561ef7888fb152bf977f9629e29e3acc6f70931255148ee3937b7dcdce1d6efbc4cb34bdd00a7af3e918f5a9082c0fed8369135fc9818cf9add6c175eda9efa4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
3600cb84df1896815215dc5ac5c2f455

SHA1
05c023747897ed7b061bd08cf4c873c0884d74ff

SHA256
31813a5a85396da801c34df1924efe00bf90372972c49223364ddd323d24d62a

SHA512
c074207157b0ecd4836b23c83e008f19b1bac412f056ca449126ba84389b39233d6fd45c727b11e5f144d32a0fd6269aca759fe330f7e41304628f8911c46528

Download Submit
memory/2532-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads