794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
Size

91KB
MD5

db88e40ed63b2f3e595096d84e123266
SHA1

0dd8363854ec72d4f3c4e184ee6182d2c5435851
SHA256

794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89
SHA512

7bdc403d76a0602ab333f3354f3b7f76c59f0e30255a5ca140c6cd75674a032fc86797e6b4460de2647601e58c05e28578e8dbb7132c055f727cd714609db910
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UxS:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe

C:\Users\Admin\AppData\Local\Temp\794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe
"C:\Users\Admin\AppData\Local\Temp\794cf63607d3dd52f4caf9d45e3ae5b6db77437d68e4a166820a974b2e426c89.exe"
1⤵
- Drops file in Program Files directory
PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2480455240-981575606-1030659066-1000\desktop.ini.tmp

Filesize
91KB

MD5
32abb1283b1b130b30131de67b38d073

SHA1
8b234edda8586dfc695bc5de74d953e6387a7583

SHA256
9ecb011aec660329b7fc3e734d2b4e17ae9ebab0b77f20503d392f40a64866e2

SHA512
42dc93eb99b3ee2845b0fc2b493f080cb73d51c06c2ed7de6a10eebf4f1c1c80d3ee867d5681ccab6c5cc7d38aff575ca967e13c320d87d324da8d7eb6c89272

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
7828659e2fe7ca8fb840e29edd03a795

SHA1
1a49a925227d63afac657283a0005a8393b41778

SHA256
b3bf6ba40e044f7f319c1c5df57799d0353dd4eba788ef87a7d79441b0b02231

SHA512
83887ad37fccb3a1282e7166377e58577704f7cbaad8dc81b770082ada26402e0be84ffffcbf4fa39558db4f44f9b5057e6612762a2893859fdaf1ed5c637988

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads