12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
Size

66KB
MD5

4e2939a007323d463ac14dfdfe04387f
SHA1

52a3cac2d70c44e468ca71e7f0aed0fcf5d737d5
SHA256

12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b
SHA512

4742cff849de6567e5ad0d662db5dec73195f4cca1ea33ff38de9d306527cd6c999072cc0d6e029778b02249a94dc10d3b9def536589a9377d22c3b0d853a181
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDlvcYNnVvcYNnSFjU8:W7ZNLpApCZuvIYYoYoN7n97nI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\WindowsBase.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Controls.Ribbon.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Forms.Primitives.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Handles.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationClientSideProviders.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationCore.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationUI.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Luna.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Luna.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.IO.Packaging.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ValueTuple.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationTypes.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationNative_cor3.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Primitives.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationProvider.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsFormsIntegration.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationTypes.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Diagnostics.PerformanceCounter.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Channels.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationFramework.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\WindowsBase.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Ping.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-heap-l1-1-0.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationClientSideProviders.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Primitives.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Brotli.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationProvider.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe

C:\Users\Admin\AppData\Local\Temp\12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe
"C:\Users\Admin\AppData\Local\Temp\12c907b08a86be6702e2a2af42afd6cb7339ea7c06c5595ac4f3d82bbc63eb5b.exe"
1⤵
- Drops file in Program Files directory
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3896 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
67KB

MD5
9591da12ad8b3a4f1dccb10ee924162b

SHA1
eb11684667e1cccb6c52edf93ed15c324fd2e3ba

SHA256
75f2ec13d19952e17b08d1b19f10baea2f7c13259d012fd27e92b245d9cf3348

SHA512
e8349ccf2f8c441b5970dec947f512bd17e30a87b30a8dbc06f372f82570c15861039ed260d96c08617d30d8c7b1ce380c3c73b69fbea14776d7d48e96e8f935

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
67KB

MD5
a3b446ea34f5e262ad994a09c2aa7132

SHA1
17577d988bae29386a96578e340a4aeb1be593c7

SHA256
e36e6ee8c27b93cb9f28b0ea1deb8c9ece6ede627c79496a2d30aa91e686f196

SHA512
2b51ddf2e73b2f8ed741bea354726db8e5575b31de6b6cd5d9f0a07405e3c7180e24cd7479a70ebf7e8c047884e174736a17433bd9065acef250a88a4398b5c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads