0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
Size

51KB
MD5

a085ab7c011c0342cb25f76a875def10
SHA1

8caf02f949afa713e22acb99d3f551d306baaed0
SHA256

0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595
SHA512

96468aa880f81516997c342a8897f3b199c9c4abc51efb3b5d50f925beac5bab76728cee9e8c38b8bf2d26ec4e623d8dfda934767fb358071cf453eb472a2143
SSDEEP

768:W7BlpppARFbhbt7Y7zPhwyPhwdOwOWF/MF/b4:W7ZppApIayan2T4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5278) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe

C:\Users\Admin\AppData\Local\Temp\0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe
"C:\Users\Admin\AppData\Local\Temp\0596c16553bd80cf99ed4b5688659a0f55983853d5e06c51267c9647c35e2595.exe"
1⤵
- Drops file in Program Files directory
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
51KB

MD5
ea276ddabca7cfb9f89503d698f5f79b

SHA1
bccff933460c28261ef71f9b68ebb606614792e9

SHA256
e8ea31862cf133324a2948b9a546c51556defa6bc6d497b81e66e9f6b0166927

SHA512
5b76b2f5b0b88ea53d59d0ed7f0d1ead4120ff0c557e3826cfdc2535a5c7c222e4ad217e725a56083b77414765f5dfe7313131dafdce874befc283b3c9ea412b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
150KB

MD5
ebaee6d5d05811e5f97e76c81e0bf087

SHA1
4a1ae1395d8af796c4351b53f9f9dfa0f1a94a06

SHA256
4b3ffb564a808f8bf70f965208ee4fa95c0b48b729ec8548f0a041c701669d70

SHA512
ed168bdc9a857c3d2fbb87a5da77a998a807f3e653febdbedd5c023d94641204d66e6221895bd877e80b9edd42c2c0c665c6bdf66a4a7706ecb5ce6d8845cd77

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads