1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b

Analysis

max time kernel
150s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
Size

97KB
MD5

0f2619680e4c18697e2950cfad576a16
SHA1

b533dcd8aee9e58ba245d95e51a4338aaa25e038
SHA256

1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b
SHA512

8fe48397a08dea944dbd08ef492f1ba8b68fd5069b33a6c777af86134bcf70a4893dd9abfd809513210863e735f998b4425aaa7c2aa6bd7688a16b33d0f30cb6
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBV:PqFF2Ie+effyn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5023) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe

C:\Users\Admin\AppData\Local\Temp\1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe
"C:\Users\Admin\AppData\Local\Temp\1a271313295e252ef1dd60a925714d1e0a05af3a5f9b8fa98928f562a3c2518b.exe"
1⤵
- Drops file in Program Files directory
PID:3780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
97KB

MD5
674262ea808247a032a7b9c0937bf8cb

SHA1
ae15879157b652dc6a2ce07dc2bff645a9bd26b5

SHA256
a4f22cc105f2d35eb0fd965b3d3f92cf61030b67d4755c9dc116c0e051b8fd09

SHA512
8bea0b294feba06f470ee092f93ebd9c4b4a1d068e2fba5ebbdb46bddef490b4207ab45bf915bf6136a629619a33a9d0b1dc2d4707725e8eb87a31d0417d8896

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
196KB

MD5
1bd1ce411e38b66ebbb74773f0722c8e

SHA1
404f7a83c9a9f66d55d1e88c19678fec345ce258

SHA256
444dc16c93bc52c2e6069a0021fd969305642aa15dd1add830c2a9e60bbc8926

SHA512
d152c2b65a5e0613975fd8cc2365c48f089fbc6615ab465d7c1ccc2d5ea677e30e33f23da6dcc219090d568e85470149c8c2d4dfc86f886b2030ef6a3fafdb4c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads