a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a

Resubmissions

30/06/2024, 00:43

240630-a225da1apg 9

30/06/2024, 00:40

240630-az78ls1alc 9

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
Size

79KB
MD5

725e65aa9cb9f4e2e7e85f6893cd189f
SHA1

b785900d47cae459aace67417c7b2df977c012f0
SHA256

a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a
SHA512

7adddd2f38483ebf77d0cfd2967a02ebd2eaf6a7add751c6d5423034139f6d75b05d6a46b0bd3e36072882e4d7ad973612c2f2c610a16ce85515172bfa90f31b
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhYCDPdICDPdoQc:W7ZDpApYbWjIoPyPoLzV7c6Sh1dldoQc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5032) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_wer.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe

C:\Users\Admin\AppData\Local\Temp\a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe
"C:\Users\Admin\AppData\Local\Temp\a62c2d7ccf33edfced2f449ecbc4e861c97870f66346eccc3ac3d8fb81db347a.exe"
1⤵
- Drops file in Program Files directory
PID:700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
80KB

MD5
11de3994f817cc9c6d74059e30ccded7

SHA1
f65af81b9bacc4d2580b7ad400323292b36aea21

SHA256
258aa02c7db56d0a7aa7611af01a10293cb32966b9313a7fdfc8ce107daefadf

SHA512
c243ebbdd4a510c94f1247071aeb735e9a30dc86b8142f0c7d66ba5b968ec41c714a6cabe7a45080990593cedc853cd5edf9dc7480eede58c37aabea14fc86f3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
b0c6010685a7a17446119fbdf5a820a1

SHA1
40b52a3b2927e7713d533847069a7af8e2beb6a2

SHA256
6ea37bcbf2603ff032c1fda9af71a01ab8402b7bf9d632b53a06deb6ddb7f0e3

SHA512
57d641c3fd879003661d1b7f66d49919e0f7bf9a1bd7d3fc9c8f86b9908e5394c545ad734e3be0a1536af417d5408f9a7de4c0b91d812d67f665a39cd33371e0

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads