92f78fc0e4f38e1b7063486b910938f1c13e5f06427165228fed38af0d43786f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a992e57086ac6f521eeefbef3c42120N.exe
Size

39KB
MD5

1a992e57086ac6f521eeefbef3c42120
SHA1

1de366d471ed756bff7388a97cd168bc7c23e63b
SHA256

92f78fc0e4f38e1b7063486b910938f1c13e5f06427165228fed38af0d43786f
SHA512

b333c6570d221a75df47c8f53fc67e2e0a7b7ad5135e47effa1bd78eb5474c4544e5b81a84954d722f0e8e22961ba1c718f84c69b606aae02ea3567f6a39aec3
SSDEEP

768:W7BlpppARFbhjbhQYjYXoSQOKiJdpMO2iJWpbOmiJfoSQOKiJdpMO2iJWpbOmiJR:W7ZppApBeF8wF8eyKoIWbsHfySkT5Ge6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5275) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.fr-fr.msi.16.fr-fr.tree.dat.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\HideRepair.wm.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp	1a992e57086ac6f521eeefbef3c42120N.exe

C:\Users\Admin\AppData\Local\Temp\1a992e57086ac6f521eeefbef3c42120N.exe
"C:\Users\Admin\AppData\Local\Temp\1a992e57086ac6f521eeefbef3c42120N.exe"
1⤵
- Drops file in Program Files directory
PID:4452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2480455240-981575606-1030659066-1000\desktop.ini.tmp

Filesize
40KB

MD5
064fb5f2c7fa3da3db70b7b8f4494f48

SHA1
52df5cb8d4941d42bccaaed9b4bc073b3aba7519

SHA256
3e18181e2d007a040cf0b3d9cdfdc707f201f5ea79cb2e654d4e1f10f6c8c129

SHA512
21a6989b155553c61b8cbed1f70875738d858500662dc3eeddd0becabc3b21071ca3bec047d301cc2535c720833a1366d4ed924b3550ec147b3e93dcee7028a1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
138KB

MD5
3c5a749865c7953a95ffd250c6b77364

SHA1
ee7027e8ab6236531261b103cfc4e769c548a9bd

SHA256
0e88b7ceb4e038590223eae62664bbfac5e983f0c644e072196b94042868e740

SHA512
ae447e9f62b81d61e3a1390dfcebd198074c4a70c9325ad2b46ebce376d3cd06dd0a7b321bd6932946683fe719f707ee039eeee022a0082826f96c823827bc21

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads