403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
Size

50KB
MD5

0a2bb975ea3b12f1985a7301dba53b94
SHA1

0e0328503f11eeff7767f542cda326e1d4e44962
SHA256

403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9
SHA512

6526971a7e6cf7b6148e98a35bf43a2c98653e04c3f1fcfa56b7be2240f5ecfd79c3c4dcaf080699ef690c261193c1592cdc768e75b1d7cf52678ac3738f32e0
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJQ444ZqcjXY/IjXY/NKRKP:W7ZppApWmjXWY/IY/NYW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.tmp	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe

C:\Users\Admin\AppData\Local\Temp\403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe
"C:\Users\Admin\AppData\Local\Temp\403655733455fe7de5d0ced471faf42a2c85b79cc095c67c5a071ae9a8fe92f9.exe"
1⤵
- Drops file in Program Files directory
PID:4196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
50KB

MD5
6dfe0266699565ab783546263027c0ca

SHA1
8268c1d9076db96a20ba1bb6f2411146c1a8bec6

SHA256
929ebe432a24b6f61ab2090ecf2feaec46279e55f10d4d863a103cc2fffc4e79

SHA512
fabf8f74f89d664f49ba7bbcae41236ff61a49f6942561583085cef7fa1ad7159844d9dab5c348dfaefd868b43ceb070adb6b243f2982b155d807f163e075116

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
149KB

MD5
6b119b91a596a67e53951a4e0c787e9c

SHA1
ad9560345798507bb8f7c9d81970ba0983dfa0d8

SHA256
c5e48cf0fe90eac206d943ef7dbe49ed6d4e50cc892043ce4220058bab962ba5

SHA512
0f01cccd7baf9687d3a81d9b2e8873d46f692959dc72ce56218170349d605b53d56114de7ee37207660abf51dc65de4c5d9ceaf8bfd559270a9265a382d853a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads