46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238

Analysis

max time kernel
149s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
Size

85KB
MD5

70c185eac95aeee4a0f80572e87990e7
SHA1

eca8d03ec4593eceeab8ff8e0c65f478b5f1f96b
SHA256

46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238
SHA512

ac3416f19fdd1bf9b3ab0b39b87014cec809fbfce1e8338accc00de158e1b62af6376ab29db0696bf49983e470524817dca33cfa3910656d8eefb4752f374411
SSDEEP

384:GBt7Br5xjL9AgA71FbhvoBlLLrvCGQXX9vCGQXXJgfTgeTgH:W7BlpppARFbhmvjC9vjCJgfEeEH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\QuizShow.potx.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BSSYM7.TTF.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe

C:\Users\Admin\AppData\Local\Temp\46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe
"C:\Users\Admin\AppData\Local\Temp\46180003d3cb5f9b90b972fade4ecc6ae893e48557586ce4168e64c724634238.exe"
1⤵
- Drops file in Program Files directory
PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
85KB

MD5
788158f6d5242dcc5d867061020021c5

SHA1
aaf7d92280ab18be25863e3d97b810b733b36686

SHA256
0009533a04752ea37eb35b9b57640dead2323b5fb079624cef0be7336d9dcade

SHA512
a890e7e4961596af6ef886be2982479463151cfcbd7553bb4bcbc1d51a70035bbd4eb8aa4f44daf4a7e090afbb2cbceef08bfb8769a51b0bbf7d6058ba385f79

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
911da9fcc059478758907900242d66ce

SHA1
887a831d26ff5f877827473d47b48a11fbe47671

SHA256
ceb0e94dd46051d0307f693ce0e40cb16af603a7e077401019a31618011b5ea4

SHA512
49d18b77a0d7f6289e72e16c0822c3b1055435e6356033ac5c2dd19a0d2462f3e9309f1efe9cb54cae4215d4941379af7af28a1048326f8b4f8a4db6c53fc656

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads