2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
Size

36KB
MD5

9d068dd2d195d4d7553c8d3ecd65443c
SHA1

abbc8e4c01b936fe9e2c07f589ad0b24eb5d79ed
SHA256

2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a
SHA512

4d861ca7e4945075360a485a5149486a78f2fe93756c973d7add5f7bb1f3b47b45674905ca7a1b540bdfb8bcbfcb96574de455ef9b9dc09d2fed9bb09896bf57
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/NwY:W7BlpppARFbhknrSLmsNw/NwY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe

C:\Users\Admin\AppData\Local\Temp\2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe
"C:\Users\Admin\AppData\Local\Temp\2f6fe76774123c045a2ebbe19c3f00d621af419f36e1ec449bb531288626f88a.exe"
1⤵
- Drops file in Program Files directory
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

Filesize
36KB

MD5
e231dd1ff88554f81b8fc3d4a5c5be7c

SHA1
2ddf8eb8812d5edf4316738e3c56aa00bbd613a8

SHA256
dfa6e479d903f39d49ab48d988ec6a410a453435f790f206d1ab4e4008682f97

SHA512
fb024e743ae83f91c27d4a4ea3a703a59877af0c845b02a0b0422ebfd7ed74298749dbd5bf0b0dd0f9510492087ce5c1b4421fabc2ab775b4a58517a745bceef

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
135KB

MD5
0d1a05ce9955c88cb21e2a5e665be08e

SHA1
bc87b34cac6c35fa5b072e33018ce947049a37f1

SHA256
984ea499aba66feae896e3688935d8b511eb61fb7a6ab5023077977171da2dcc

SHA512
5620711b676899aebbb7dfc681e69557c8107a91b1d8191aa2bba069918aaaa7b63d17e97543bc6f008943f32f32434b7e20dbb2e9ad5de014e0b1cd6fd1f908

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads