d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0

Analysis

max time kernel
150s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
Size

64KB
MD5

fe106aa684971f2a1b53884c9b19e020
SHA1

d308349a05ee25e1c81c1fa4a8c34e212d9d42b8
SHA256

d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0
SHA512

5368cceccb70e7b7296d66eda5075e77d19e7916ac7b591a3bf0cdb702cdaf09b8a5988a8952a17e7ac739a1e03c85bb22c16302b513046ed383e4af50c43bb7
SSDEEP

768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8Y:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5l

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4065) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe

C:\Users\Admin\AppData\Local\Temp\d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe
"C:\Users\Admin\AppData\Local\Temp\d8259de0ffc12874bd0105305096bf90b045504c3eb5ecc158af9085e37b16a0.exe"
1⤵
- Drops file in Program Files directory
PID:4276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3642458265-1901903390-453309326-1000\desktop.ini.tmp

Filesize
65KB

MD5
e57a2bbd78e90675fb82bde5fa8f2d85

SHA1
b1cfc714a09e9a0ef7d35547bc22f9807116f95d

SHA256
f330903138143342d1cb0d6af5fbca3b11113e169b8cd86dd332c83e21fff41c

SHA512
92c7d04744b13c4bb87ea1188b775122700050f175368f3f2d8efce583d17eee559e93a357d2b41d5bffa888c5635b1be0dec32ee04e93eaa0b2b34898c80b5f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
164KB

MD5
d437e3aff876bad7a330c66225a031a3

SHA1
99c8d24269d6123528a17fa53de370a9f1d11fc9

SHA256
a10c1ece5639492932d9f99efab235365f30d23d994805a57193d4f6dd5d53d6

SHA512
7daf22ba2bdae3b8b985823f61c89ed6e85ddbe427961958c09469b630601cf3068ffa6a0039db100e014025bce306498ca8b735c6138eaa1ed2cff21faeaff7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads