231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
Size

38KB
MD5

1b9b0c82160bc82be94ef9f4c1f287ae
SHA1

875b2abfb977323d2e76d9234186f0e54d8ea432
SHA256

231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad
SHA512

29d270bed80e1c35a88057dbef781eb9d9f945d51d975ccebd76d56e879dbd3c63e9e4c50bc9969cb94d63cd256e4971d9697997d3ead4c2114a1b20aff20fb7
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/NwjiAi1:W7BlpppARFbhknrSLmsNw/NwC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5275) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPCORE.DLL.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-private-l1-1-0.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\offfiltx.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Java\jre8\lib\deployment.config.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe

C:\Users\Admin\AppData\Local\Temp\231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe
"C:\Users\Admin\AppData\Local\Temp\231ca7d974a868fd69e32378ac17eb6a2c2dc18d0577b901e28587ebcb2b28ad.exe"
1⤵
- Drops file in Program Files directory
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
38KB

MD5
d01c54bd5cd7cb4dd46f1077c3485925

SHA1
5938dbe4143ff708a57cc25d9f43d7707b01be09

SHA256
b317c4f5bc8b7f30304e0dbedca89ad5cb5d3e41b66c5d56cb22adbd4118d71a

SHA512
e8fcc5391342f31ec4a80c62471ae9c64aa56ac43de30ae9ee9010cfdc4108007bf52c1a6463c3a75149dffc9627be04cf0594aa7e3e07eca1804bbd8bbbfc8a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
137KB

MD5
d2033df55221e718f0d8b85b319074de

SHA1
3e22b7b6b5bac3712469116eb07ddcee6623c013

SHA256
7e27f199e3871a7797dcf3575bfdd9b0a97d266f0c8bf287db7fac0785b72fc6

SHA512
a9caaac4401d23c973b4a808cece08f96ce3677db562ee32bede35ac651dec9db06fb94c516eae522e674ccb4aa6b15c299bc7b4cb903ad866cba5b584af3b1e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads