609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 22:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
Size

45KB
MD5

3e404e26b7756ba2e73f204ce2106614
SHA1

258732b94d5d2cff8d8d7483105f532f6824654f
SHA256

609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361
SHA512

f9f7e58e6c7b2d5d2709afad35b0a35b922d1a57accef2be5e16bcf17f50ede47252154919db6b293d71ccc2cdf0b82dfe755fd83ac2f2ff43998bfe2d0a85fa
SSDEEP

768:W7BlpppARFbhFANJKaJKDhZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNk+AhZ/D5zA:W7ZppApoJKaJKlZ/D5zf6ydyf+abMkFP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4633) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe

C:\Users\Admin\AppData\Local\Temp\609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
"C:\Users\Admin\AppData\Local\Temp\609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe"
1⤵
- Drops file in Program Files directory
PID:4720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

Filesize
45KB

MD5
57ae7c5af52a57f2f2fd4150a07a4c0a

SHA1
e8c4f806c8c79d564b279fe588a40c25d2fc2e10

SHA256
d9d367bef5bf6b9c54280a35c9bd6d376a4ccb5fd2d1b80bb41882c069e86d11

SHA512
aca8d625c89ab678068dbe51a22733a9facce510b1e608dc906f5e54c8616bb4878be4cf60a64105ed5c6324b02c67d450cf80914d7fe20a90565a08c1d770d1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
6f8e1561fe16f53af51e0bdff10b6bfb

SHA1
1e64c9968ad4bb4dd9f5901e1fd61379262e38c5

SHA256
64b32445fa39b27e578762c3fba777d9782017a17d2af56137f9091ce197ba1f

SHA512
b722cde67886f62ce82479035bcf8aa864e366d3ed2fe65e4e486ba92d94aef603ec4eb440dec450f337130a9f3b2fee4b847246a4e5739c96e966a61a0727db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads