f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e

Analysis

max time kernel
150s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
Size

40KB
MD5

32e91c74e612dc187252a43ccb5b5817
SHA1

d29fcc1de96e463b7996ea6ee4b7bb3c61621754
SHA256

f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e
SHA512

4bec799e67696d38247f1c6d02a45329f58a62e32dfd9c53f3d74b82f7d9c0c443dcb8fb45b22484e4424ec621946077e4073ec5d2a5847d79cb5f98ffa0985c
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJQ444ZqV:W7ZppApWmjXL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5251) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxbgt.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\DisableOut.mp2.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\GroupSync.ex_.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe

C:\Users\Admin\AppData\Local\Temp\f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe
"C:\Users\Admin\AppData\Local\Temp\f54edafad74897acff0b1d942a94bb002453b40681e863e96e5b90e745a1ba0e.exe"
1⤵
- Drops file in Program Files directory
PID:1828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
40KB

MD5
8572fa73457ae1c1e7a2fc468ad2f0d9

SHA1
8aa28752dfa8b5fd752dc1f3e7dff55f1f2474ea

SHA256
6b59a4afe2ad5689c06127a0bad4abc41625d75ce7b0a9e75aa3746ffd90b644

SHA512
f4aaf1d4a7bf6f29e20e5e5c09af59ea01bb3e879e9771d810429269107209a48543dbf37aa40653920908a3d166e63aaf5d1c7cd379df049521599e84ef0f58

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
d09cdf586975cca36fa674c7ca48fa04

SHA1
d72840bb923fce000e38220a0542c37720e9a043

SHA256
34a46e0963119d1d74632022a2c27bf567316a0278a196e014567451d91ae973

SHA512
8addb21da194234d77b05f9f87e0e14dc211c4a72f4a44cb472a00e87ef8cec7dd608b2eac8a08bc1f5390069057f596807cae1274f41e2fd280a120fc3b566a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads