141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
Size

60KB
MD5

88a2ef2c8e7e69536ded4f32db123700
SHA1

8a11d554afa5bc4617fdea1745b8a4be4ad2f885
SHA256

141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805
SHA512

826fced4734761f35f19d65e5c4f0f931a41a7f57714bbeb68967f8dce2872c51537305f578538e128ad0fd4b1785ecc469a699c296ce4444b0b293b1a35ce15
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDeWm6QK:/7ZQpApze+eJfFpsJOfFpsJ5DZm6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\InitializeStep.dotx.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp	141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe

C:\Users\Admin\AppData\Local\Temp\141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe
"C:\Users\Admin\AppData\Local\Temp\141f5d7815f5743d8d8cdf29b8f0da40628de479af83f9ba656c0b479401a805.exe"
1⤵
- Drops file in Program Files directory
PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
60KB

MD5
638e87d5a9c331253cadca412f40f87b

SHA1
28dffe2f792cd0e334e9a67aba0ca7df274c6ea9

SHA256
633516427a3f474c27b38bced40467d5b8b3b293f91b1094059f5ae649f0ebf4

SHA512
2841f21fe6b94d822f6d33b5c06bc19f885d108224e57db5948aaa67ddd4887a6ae5806303c34555295ca3c1d6411aff99f8e63aa45512add0d5c770b9d51d84

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
159KB

MD5
c181eb259b12e685a3ef318f86c83f3e

SHA1
6ed2051ef6830646c94a9dc34986b847758535b5

SHA256
542e90e13a4a75d4a73a1b1e4086bf684bef06f86475832c53c44b33c2e9519a

SHA512
3a1eab012e59bfe23fa1ecf13f7903cc419837ae6ea5b4f97976430663952b9bcd55decfbec0fda05a47154f6210bbf701adbd3d44cafd14666b14354995ecae

Download Submit
memory/3724-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3724-1780-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads