bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167

Analysis

max time kernel
153s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
Size

57KB
MD5

b153f41d4fffd7c642383dbeebe8b6c7
SHA1

df058de8f4b6c030883bdddce951c3ef15dd3b8e
SHA256

bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167
SHA512

7d4d7ef6c90c2c32f0248ac5fba597e12d54d0549cd3e18cdc07ef8c23d79c74afedae6474ca5902da8e9786c77ba7857ec1f5616e43a1ee536c2185b6b9002b
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDPo0xOyyiJfo0xOyyiV:/7ZQpApze+eJfFpsJOfFpsJ5Dhb9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1296) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Json.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClientSideProviders.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.IO.Packaging.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClientSideProviders.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Linq.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationCore.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Design.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Primitives.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.Primitives.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClient.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\PresentationCore.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Cng.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Input.Manipulations.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Input.Manipulations.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationProvider.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Drawing.Common.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Configuration.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationCore.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationUI.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-convert-l1-1-0.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationCore.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.HttpUtility.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationFramework.resources.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Presentation.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll.tmp	bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe

C:\Users\Admin\AppData\Local\Temp\bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe
"C:\Users\Admin\AppData\Local\Temp\bda54166e8fbf7328791ee71a8bf55f869973d4dda9c62b3fab277d361a2f167.exe"
1⤵
- Drops file in Program Files directory
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3736 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
57KB

MD5
5e734656f3c9e5896a3b8f3ad7d33c9d

SHA1
834402e8c800feaedd5546f0353f7f326cbf8831

SHA256
fff8581bb6a72f44834e5cfc7a4ca3babb80cb5d8612f33d16cc84147feedd1c

SHA512
647be102ecba3b3895b3275ded7c597d980e5359d6f38260b114c9e6739231901a2d983231bb9e9298f5d00d4d08810dfe99e21f1b361cae5f7d9df81ce9a068

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
57KB

MD5
010b77594f060bf65a9b5eeec3d04d74

SHA1
9aab0288f864a5d670421fb13d021a8a7dcaedcf

SHA256
c244dd1f87077e10870c89b52828224ba7df16e85ab5b0070db4e678cd97b72e

SHA512
66019d4fc6742b0d8944589e9d72ce3053cc635acd97ab4ebc5f1b5570ec4103f1feccdc8f39e52f853cd1b207cf6bccf95593a6cce773e141aac29eee15e30f

Download Submit
memory/4480-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4480-408-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads