2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3

Analysis

max time kernel
132s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
Size

50KB
MD5

d218a9c4128e09004c3c51f0016255f0
SHA1

c5cad658e1787d306f6209b633d88399493ecf96
SHA256

2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3
SHA512

6399dad36c602957df033c2fdbe5e542ca10fec2978770eac0fa74b24ba29d1af507a16e6f470dcb29e849e748046e60380bc9f8c77925a7cef926391457375c
SSDEEP

768:W7BlpppARFbhbt7Y7zPhwyPhwdOwOWF/MF/I:W7ZppApIayan2A

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4691) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe

C:\Users\Admin\AppData\Local\Temp\2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe
"C:\Users\Admin\AppData\Local\Temp\2a8553c0558268ed998d4c225bcfd03957b7d61f8f701add71c065aa50b67ad3.exe"
1⤵
- Drops file in Program Files directory
PID:440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
50KB

MD5
27cc5d6f750b290a5be1ecd107a77615

SHA1
12018d5bd738e5a5ad3150e85a50c8092f012d69

SHA256
7782a4dae9d9740dd7791df75699c2e6c7de9467f98b4f0052364c7d5dda9351

SHA512
3a8fb25ca86322683d0ef61ca27f26a4be6100248f787df7c3fd54b0bdb3b061387ce19fbec23277616cf3c61e8002791b6030f96da3e2db27f01c74808d2560

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
149KB

MD5
cbd5140b25531631ad9d126154e42333

SHA1
8863f1a7348cf2106fa495568cda3c2002decdf8

SHA256
3436e09b6e1eac366817783311eafe5e7a9619591db2d54e30abfc7a87929115

SHA512
0327b6908cbb2c3f2190757c826fe7b80243185b025ec783ddf961225be3a1768cc287b7e4e1602fbd252278990a038050dcae7351cb2f5fc4c6987aff728f48

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads