5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
Size

47KB
MD5

30a29af7e1930eb8a9670994a33aba0f
SHA1

53becf005ac698739210598fccb70fc3b3b3125c
SHA256

5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6
SHA512

566f6b638be7811e4cd92482754c35899612024efa40d1be3de36e03748b8da2b3d3d77ea5c524a0269d0c014b7705c71380220622037d11a4ded19e67d6bc98
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrRYKYUosMosnn/oA/ox:W7BlpppARFbhWJq5nosMosy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPRESOURCES.DLL.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe

C:\Users\Admin\AppData\Local\Temp\5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe
"C:\Users\Admin\AppData\Local\Temp\5a8a2b6ddfaef7c9bd00b59cdf50037437a299373e700e9c778f2bb655e522c6.exe"
1⤵
- Drops file in Program Files directory
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
48KB

MD5
d68aa8b177fbdf66fd6d8328bb9b8ab3

SHA1
bde1a7a8116cb2ca0c7acf674089d0bd3d172484

SHA256
8248cb0d1b0bdca4509d1d38ac6668550696103d93cea0510a9b04037a70e2ac

SHA512
a6168d666862eeef9885be820f7ad825081140554cc288a3614cb88f4967800e2e56135291b822a0d9b4d21b980ea2262ab3f827e24e3931badf7551a083c2ae

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
f5a2907b4677811af8066832bc8c1ef5

SHA1
40cd8cafbac708da900a23f21418e25658b94b30

SHA256
d2a2840b5ae49c903db55aa811bee98abe9215bba60ff1525baef04876d38f91

SHA512
f3caeb0a43d82c282492c7b00d430afac72188101f2e87d231db5b03f1ac867dea8abaf769b4bd6eb0edcb735ac55500a20cae100f5922cf21720cc01c9caf8e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads