e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 03:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
Size

91KB
MD5

d90fb10432182f9a5c20b6c69188b016
SHA1

097b155e9410b6871c12f99fb818e41f4f1c0756
SHA256

e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d
SHA512

fa7e027ccfc63b36e75e33796706758777656fdd5b8049d8cb661bc008425cdfb6420052bdd37c21b014c3244eb19b8546e43a957a5fb7c7a6d1830443c67b83
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3lCD:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf70

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\EnableMerge.vsdm.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNB.TTF.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.GRAPH.16.1033.hxn.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\assets_picker-account-addPerson-48.png.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe

C:\Users\Admin\AppData\Local\Temp\e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe
"C:\Users\Admin\AppData\Local\Temp\e8c83754f5d6e55c24bb619a585ce30a499348e3c023d755e7beb6fedbcf5d6d.exe"
1⤵
- Drops file in Program Files directory
PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
91KB

MD5
f0cb555e837dcfbd42e36f2e97b9388d

SHA1
5c330ecef5312cc85f830a0afb840d52e976e33a

SHA256
2c010880aec4385ac716250f1bce9bca6d355a53e557a48e55ce77d50c3231a7

SHA512
1922dc2935b0efe2d28cfe50c054d74574e6a6083a293abfc0d957dc1eb792c7949d859d6203b3bec2d795bd16ad34592cedb1ad6b1c4bfea61dc896e85a365e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
f9b24ba3efdb8eba9f7d70b1ed17f2df

SHA1
a147c61295744e7c7ca3ec33653689a424c05e14

SHA256
843ec4d2870dddfae7bb803e3c212826ff0794baf928ff42da20bacd1d256245

SHA512
12bf02a6aeb6299097b2170a13804fad98d2c0f25bfbf5d2fff484d58a6db7056356b6465b00cd2cf4251af26ac955e2aadf26ef23f588b6bc5a1dc5ba2aba56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads