47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
Size

92KB
MD5

7634a286928142a3b6fa48f2606138ec
SHA1

1d1f76a9e2762473568245bb335cae9733d61cd5
SHA256

47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca
SHA512

c1373baec0156954c6d77933bbf742c236b4e35dd51f313565f08b03e243c3ab9eb253188a252570a7681d18756a8dddeec3eed6a185767387a5baa433beabbd
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJd:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfF8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe

C:\Users\Admin\AppData\Local\Temp\47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe
"C:\Users\Admin\AppData\Local\Temp\47220c59e4b66a2885a577419fcb1e44c88e4b5464492b67e3ed34ea96eeaeca.exe"
1⤵
- Drops file in Program Files directory
PID:3816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2480455240-981575606-1030659066-1000\desktop.ini.tmp

Filesize
93KB

MD5
daab4053449998fe90b36fb493e543de

SHA1
daa7151d0d2469d08b18f97cf0c2a01aad6b729c

SHA256
79408b59dffcf1e8b73e16b7c91a9c37e439a9e4aa122e7903302be8016e9f03

SHA512
1b3a700dac6b3563715c60d349f640bf32675ab068d0ddb4739c2c11362164dc869e3474a19d69bf5103d8ccfcf45c67be28361300c0dec5b6d631f5c3a4e07e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
191KB

MD5
26aa8780a8e29a803df5d41e070b5ffd

SHA1
35895f946542d9b6d3d0bb3cf0f2025e37a5b569

SHA256
617d0872401eb2e5ab7833c3286de3db87c3f263bb8ab565307e683eb458ef20

SHA512
0f62c742b08f5fa4c1f4ef8105267d98dcb6bbe1d0640266e9463a42b041455b191f6af63986bd5c17de883ea49cd20749d567f0b12723728568e966459e5da5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads