204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
Size

41KB
MD5

aeaa27d20a6f40102b282ac1acd2f6ac
SHA1

9b56fc012a8117214d8a5d51fcf32fe51bf4c7fc
SHA256

204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d
SHA512

843851241d0b916087464f5bba462627466434f10f4145e19867a39908f6258c9065c63094d24ee7e3172b86ac3308a2242447435ad60405e6ed8deaa3eacb0b
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpK720Mm720MhKAJxaKAJx8:W7ZppApBULcfpHLcfpp191R

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5241) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARABD.TTF.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VCCORLIB140_APP.DLL.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe

C:\Users\Admin\AppData\Local\Temp\204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe
"C:\Users\Admin\AppData\Local\Temp\204437ecafb000e74fcf30570b3e134b1a3d2d60296934089fd5b63f4d0f168d.exe"
1⤵
- Drops file in Program Files directory
PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
41KB

MD5
bb4ce680e113c0cf4c4862d0e43ec308

SHA1
0397eb6025bb87b750c326d8f0f4ec87c06f4203

SHA256
0a5aa44bcc02bb20706fed683acb475283910c59030102f38d31f9aa1e2755a0

SHA512
8a8098e5ec39181e2fe5e0ae50a51e23cd8f70161c8cdadd9d79b442e61bdcc2b698bb479a0312252e933e3e05b1e807e9243cb19a3a89a74f0dcbb4677c36bd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
1667aff1e9f6b8eb293366a4d0ace613

SHA1
b75baa909771124da54cf73885a6222103b20365

SHA256
fcba2e4ca146beea5e142c2e87badd9a5adcc814f9b9e758676b6c4a791541c1

SHA512
4173bca659ddb15e8f600b7ef05ce804615aa61a419a49e8018655ba82f181bb7463033f4528d4348057d049347947ba8885bb483b1adda7483ec855f49ead06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads