3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 03:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
Size

88KB
MD5

d66f6da799ff7efd19b5bde6b2059d10
SHA1

86b87c8bf55d9c4953a11b263c1307c56aaa889a
SHA256

3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c
SHA512

7c3408e8a6fa6b58165dde5158c2d1c31a2722d5ac2f345e0d68c1c18bb29a057c35a0a6f23c0ebe8ca8bf9126d8aefdf62a298a37c68442501efb7fd12d0231
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEho:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4836) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.dll.sig.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe

C:\Users\Admin\AppData\Local\Temp\3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe
"C:\Users\Admin\AppData\Local\Temp\3510a283bbee0d3a61d5b1f65c657e85dc152e9ae9016a564f81ffab079efe3c.exe"
1⤵
- Drops file in Program Files directory
PID:3888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2494989678-839960665-2515455429-1000\desktop.ini.tmp

Filesize
89KB

MD5
3a99dabb9a52df02bb435ad2b774b506

SHA1
df855424044e47433d5a3c5ebea962d9a07850e3

SHA256
e64be50bba91b9960decb142dab73e0a10445876106a65d349189639eb053e87

SHA512
5bfa35e762bda74d2bae6b7ebe44fa91e473d3160afdc96d6904be10dc1fe22d9b571cace391b34454094b1c3d4ed2e1055f149c509678803baf4759fee65d42

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
d9d4e0971ab708389737ddf61e2189f9

SHA1
2b11c1c02dccb7191aac5ded481b90f86afa926f

SHA256
3175e1317cb5cb0c57325b701391bdeb7a07e5785055ccaa9b09bf44335bd694

SHA512
513673a215c4b4e5d752fb7a6245baafea3914ae1a777229a86765cadddd40081cb673d80f91fad94e90bc8fa217ffc46bd1c4d52c6dda5856fe05d866899b0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads