e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 04:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
Size

60KB
MD5

6880bfba67d780ee48e0348ce78d4d8d
SHA1

08efb4225ce553b005673b40feaa1faab209713e
SHA256

e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3
SHA512

c3226a1b6807029ffbf0ecb1abf22cfca2eb69da99896f2b17464e0549549135d476da9a6a9775b52a72c36053a8885bf3625e0418565b390bf45db4e6ec9a71
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcXcMc+7C:/7ZQpApze+eJfFpsJOfFpsJMTnC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5045) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\assets_picker-account-addPerson-48.png.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp	e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe

C:\Users\Admin\AppData\Local\Temp\e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe
"C:\Users\Admin\AppData\Local\Temp\e37680339aec8f41a3d856ba5fd7ff8383665c2362234b3fa1c7507ceff3e8c3.exe"
1⤵
- Drops file in Program Files directory
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
61KB

MD5
347a56d66d217eb863220341e80580bc

SHA1
7bf07b3df6105e8f13abbc1996c461eb24ec6d31

SHA256
14dc370dcbf1d05b74173fedfe7e705f438b263bed24afa15b0f708cfe2e2dca

SHA512
ac5b6801fce61623c0c4d72c9c0ff0962fbdbfd177cc05b6af16fa3b2f1593d98ecac532b698797890ae9a9081486cdb16cb69bbb19d4bdb53bc529841106a45

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
159KB

MD5
5246dab4d59298afeb1f8a82ccba5dc2

SHA1
00c38593eb65321ee5449588435a34e630b34eae

SHA256
0e6e1efcbeca0ebf5e58fd4f2b0d10b9f4348c3c2d553b02ed9656c95c79eb3e

SHA512
91fc6332e57d356c973363d5d3d5be1a9b39c5fa60939f1929055fa50821c0080b5d142f690361adca27a2d3d7f1f917868526b05399f4f1bbb572f71379ce87

Download Submit
memory/1876-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1876-1960-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads