258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
Size

56KB
MD5

af7b6ccb677e9a124ca796f621eab08c
SHA1

d64c75971558abba0ec4798dcc535d46aeac0a8d
SHA256

258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd
SHA512

aa310daf3f01c993f424fda7a3da51edc18d30b8233c3d6565b48c4e190b2d4ddceeb01d3e2639217c2b7ff8c5a83ae4301cc19c411e7087e59407833fb49760
SSDEEP

384:yBs7Br5xjL8AgA71FbhvhwMF1XxXEh+v8L1f13PQ:/7BlpQpARFbhtF1XxXEhk8U

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5346) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DisconnectSearch.iso.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\HxRuntime.HxS.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\STSLIST.DLL.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe

C:\Users\Admin\AppData\Local\Temp\258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
"C:\Users\Admin\AppData\Local\Temp\258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe"
1⤵
- Drops file in Program Files directory
PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
56KB

MD5
9e68d32d035685ab1f4525253a9380cd

SHA1
a9a62a7586011a71d537835d9a62a6ea950a698b

SHA256
a3cddfd9445b44dc7c76b62538e25fec8d1f3fe2916e9e5498b286b95bdf518f

SHA512
ba36450ce13ce3d553642fd3d9c70e93a0a1d30d42e40a99079af90c5356e6df9d76ddb71cdeb84fea71ba2e99be90dfe3a14af6722c3b7487333bb7fb55e744

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
a287b1bc946d3b5b9d52f09201bf67d5

SHA1
9e3a7894e87fac0847470c75a6c1647491445572

SHA256
deb3a68b00422f2d7cba2a27b9a944026267397d9b44d47c6f22c0162b61f340

SHA512
ce42abafde055e435870744e53e6e980dda1c139d7504b0bce223a945ee919bee509a88865006b07acbe910eaba4cc431d0ffd5fec91a7046a6d2ddef4a705e6

Download Submit
memory/1776-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1776-1996-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads