3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6

Analysis

max time kernel
150s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
Size

89KB
MD5

e4ef77869ead7a4fc8c379035f03a970
SHA1

4f382cc2ba1b8488a0fc6ba3bb011473dc8ba65e
SHA256

3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6
SHA512

75b13418ce106b341c84da79a69c3060ccfaa9540ffab950ed96cb2187fbafcde975a8ec6f467dffdf078d33512db555620fd3edb32ccd835aaa032f7118bfcc
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQ27XQCtf:69WpQE0zUzXZXf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4862) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe

C:\Users\Admin\AppData\Local\Temp\3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe
"C:\Users\Admin\AppData\Local\Temp\3582a7e1950a9196ec61439a76e6514c9026c153a247b2697b562d5141e884a6.exe"
1⤵
- Drops file in Program Files directory
PID:3300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
89KB

MD5
ce1e8c5ba4390187e061d8f4725e0473

SHA1
8c1f27755eb3cdee0a6844a964a31dc3c427228a

SHA256
753394408422e9c0eafa3941d6e1ec19ae0bbca7dbf0734897c816b40ffa427d

SHA512
363b8fc7f40ad6af862e0d0f62a6efd22b3fb9f91869eccb30317bbb307f6627e6f741e54bcc901a8459c08986b29cff9a33e51902bd84cff4eb5ebde323375a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
398560be00687fe49895c559aae083f5

SHA1
9bbd92f2eae77a0249fb08f85d771c0b77701639

SHA256
18bc952a40411431c0a0c4957f24330b92b9961b60b45a19e3f104590252d11e

SHA512
9f2862571d2be7182d6817a53d0f540b3760356e28fc3ed1cbd12ef566074b070be86d44ab567450d45d5ac3b25bcbb346df2aaf72503bfcf0a75792835f1da6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads