19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
Size

57KB
MD5

797405e55eaeeefb693954eba44f242f
SHA1

dce138608a515248845f677e09884419fd9eb70b
SHA256

19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982
SHA512

3f3f117e22b815adc0423d2f885cb80034b7412ae09126f2a653c59128579140ed6e714ce1bde0edb79224f8011b9bb6902520225e5fe49aeb8f10b4a665b08b
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwXFhFNCgCUo2sOiJd3OiJfo2sOiJd3OiJ3:W7ZppApkFhFNpJYjY/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1346) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Diagnostics.EventLog.Messages.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsFormsIntegration.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\WindowsFormsIntegration.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\ReachFramework.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.Primitives.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationFramework.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.DirectoryServices.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Xaml.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.FileSystem.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationClient.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Forms.Primitives.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\WindowsBase.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Forms.Primitives.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\ReachFramework.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.DataAnnotations.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\msquic.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.DataSetExtensions.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Security.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationProvider.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\ReachFramework.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.DispatchProxy.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.25 (x64).swidtag.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Threading.AccessControl.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Design.Editors.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Design.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorlib.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationProvider.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationCore.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Calendars.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Json.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationUI.resources.dll.tmp	19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe

C:\Users\Admin\AppData\Local\Temp\19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe
"C:\Users\Admin\AppData\Local\Temp\19f129eb98f6cb5411c15fa570f1ff3a6bed312dcf288ebec7b9203d48058982.exe"
1⤵
- Drops file in Program Files directory
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
57KB

MD5
4f5b78aa758b0a044fe5131257d136dd

SHA1
1b8e3b87644d753d0bdf5a5adbc92bd4904ded46

SHA256
78502b0a5b8ca2b79b4172c26fd5b798b76cc829246a687dcd1871cdcaa7af7e

SHA512
dc6bc9938f59a15d0b6c3ed31c984dcfd2f387d74e90ac4456497678c4c715263b58b11a9273b0c9daf95c4c687c862473ca89c59576d80fa6e7affbbcbb1c9b

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
57KB

MD5
4fd01fdcc87be34aaa30d9525f7912a0

SHA1
cecd1d38b24d06ab58001ef7d84051d38d190328

SHA256
316ef8de70a12482cde33e65dde27b223f0895486330ef31747b2e99de1a4fef

SHA512
7b0227be746ca8e9f9bf3591dd95ffdac0cb1aff2a5fab7983165ac28b78c8347913caba71992a57cbb8f820ce6a205fbd20c92a88bf6ca23167fb87c9c49c6f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads