0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674

Analysis

max time kernel
150s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
Size

40KB
MD5

000c1c4a74451211fefed4b92f7b53cd
SHA1

9dbe6793f4fa442653a402f48a3d1c869bf94db0
SHA256

0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674
SHA512

0f1b708110ba84ad6c4d89ecdaa11cd3b53af7b8981044a1d59cde765fcb72d6bb563e3a7cd1a19bef20a5cf1ce39062ab7311cee8ca4255218e0e1cb9722c0b
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJQ444ZqO:W7ZppApWmjX4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5350) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmgdsrv_xl.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSB.TTF.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe

C:\Users\Admin\AppData\Local\Temp\0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
"C:\Users\Admin\AppData\Local\Temp\0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe"
1⤵
- Drops file in Program Files directory
PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
40KB

MD5
feae03409965f16bbbdf4eedc7a1432b

SHA1
050cbba4efdfdaf774af18717eb59834513bfd87

SHA256
281d9833793fe73abe1342d7694f984062ccaefd11be75eecb747ab3750a871d

SHA512
5da5483c0e81eee9dab36bbb74d28279e3c3e3fbff6b87ead96a3bc927eeb94696c8d3c8537cac8437e53983bf4663e435b7236c43f8a282c99787518cd119f5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
c047d70ea45ab09ab36fc67cf83a1257

SHA1
5d5b8ca5f8d500a388b020fbf8fcad6ac4906dbb

SHA256
7129979cf00dcf56cefddd6943e6a0f4e7c8a159ec18a18725f83fa6719cf60b

SHA512
10a4af736324d7655a53120dba3e7965135fb0f9bbe19937b45beeb7b1af83700f55229c3595a824952bc5fba18cf115fe5eadc88486fee9fdb7dcfaed95fa11

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads