47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
Size

98KB
MD5

a1b3f58b52eb985b2da3b68a14555974
SHA1

07e08c59714e0d97f49aa7fdb0b8e7503d2f7cb1
SHA256

47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c
SHA512

c8e338d6bd49542486d56713895351445c712657b7ae14d1660a2a3fcbcba7dbed9452dd77207f476b33b6334b1a5aabb0d0a9cb7047c731fa637b431070f64a
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8z3MLOSm:6DWpwE7oL2e+efZwZ08i8z3MLG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4998) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\JoinOptimize.jpe.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL044.XML.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe

C:\Users\Admin\AppData\Local\Temp\47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe
"C:\Users\Admin\AppData\Local\Temp\47f8b5db332f1a847d13da65fa06981e9ff9481ac1320b78bea1b5b815e3409c.exe"
1⤵
- Drops file in Program Files directory
PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
98KB

MD5
21c367fde4d0b0154a337ebdf3d64d94

SHA1
2356ef66aca2adb6cb14c5672241d88a9a70b1b1

SHA256
67300579b039402625120ff707dd2a755d982768624bbe368a3e71d2d122c6ad

SHA512
526b2fb2b1116c93eddb256f96a9b87028f390530f8cd0f53be8eda369408196737beda43bc71519e9cf84fec63a76e0a56453afa37841f0aa48d348ee22d026

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
197KB

MD5
3fb6a19b8edd407af60e7c3d71b3691d

SHA1
5458be6d0621a0011d5c1f1ffa84a8b6ac5f11f7

SHA256
f09f16517b58b95193d4ff65e338a4071a5a65f12cbf60aa3783d9970f2a5048

SHA512
22545081e85839840ad3e7b17c5ae23f81891c76e906cae4fbe1fa74ecefc8a1a2ac83a5ba2095ff46ece05ee1bf2f92143ca3b8c0febc984ef2ef1f79b0dcca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads