9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
Size

64KB
MD5

4d079b2af55ad4cf1d8a67f9d1c7efc5
SHA1

a69e4c613451b8d447a81fe3a1d498b77e1b428a
SHA256

9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1
SHA512

73db819f77de559b342e564662b66b88e70a2f157783395f1a80771ff5b3911e26155e268aad533ba2767d9de3f76a8d48cd926dfb9800d759ebb0aaf9ef6384
SSDEEP

768:W7BlpppARFbhWJq5nosMosToFRaKAJu3hh4RaKAJu3hhY:W7ZppApF5noZo4oRhChS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4898) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe

C:\Users\Admin\AppData\Local\Temp\9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe
"C:\Users\Admin\AppData\Local\Temp\9382fb6bc68cbad54f393f79665b7d696e2711c31b883564611d5fb00cb645d1.exe"
1⤵
- Drops file in Program Files directory
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
64KB

MD5
35c7fa47c81a1ac9cc16ba2c665ad9fc

SHA1
7efa28050700c0eed94591e570eacbc308d56ac3

SHA256
ba7ee90ce8fa72ab0f3b495464c11910ae92470ae3d6bcb5cbb6d469a2c5f08d

SHA512
bd73bdbd3f21ee5a1b3bd3b2618738eb601cdf2a8b093914af0719083c49b34add921f6dce181bfafedf627124e3f7413dc28c9adb7fecdece973e6ea5ce241c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
163KB

MD5
06ac95ddc060c50022f84cdaae623c75

SHA1
a087aa6c5c01380b163b50d219c44e013f7ed2b0

SHA256
2fc1c4eccbe6531abb7d2a5e2b79555663a63833adccebfba9b8088d44ed94eb

SHA512
c5af50dab633fdec9ae8fc54b389ba86acccaf9ab44e0df785bf3fa97244402645782fddd85d60179bcf7388fbcc676ae6b5293d56968169d77b011a58adc557

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads