976751931b965dab356c4e39c6d17d599dbfa74d35918c6be45ad36126ea2f83

Analysis

max time kernel
149s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
Size

83KB
MD5

1cdec23ac9cf9e9ee5fb1eb76cdfcf20
SHA1

f9aa71561301b7929a71766820ecc97d78b3de51
SHA256

976751931b965dab356c4e39c6d17d599dbfa74d35918c6be45ad36126ea2f83
SHA512

5652a946db937b8aca9d973f9b2ecb6b981dc1c9a93fd462aad61e018987a9c07c3db8016e006da7e20bd785394404acd2b856ba5cdf7f5519f154daf348dd6e
SSDEEP

768:/7BlpQpARFbhWGUKBb4JxobNH3bG3bnEXBwzEXBwi:/7ZQpAp+KBpbNX4S

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe

C:\Users\Admin\AppData\Local\Temp\1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
"C:\Users\Admin\AppData\Local\Temp\1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe"
1⤵
- Drops file in Program Files directory
PID:3740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
83KB

MD5
553f64a343691b89550935fffc6448fd

SHA1
f78e12718e674697bd9ff8717efd5125788ebba9

SHA256
c4950837666cc89064e249e98f31b069cdeb73ffd9fd663d9a3e9d87caed80e1

SHA512
bc58226dbaff5f334d6406bedd6bdee7bb7c9ff47dd1d1e3355a9fb5f97bb12c3e95b7282189202c4d7a192feab7bca813c0e34c582888b299dc451af8c68369

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
31668df3d13b5c8b9d064a470e8ace88

SHA1
f2344334939edc0481065029eeadb9b9bb074143

SHA256
3f617f3e36188ee9572f6bcd63e20025bedf4f08535ca69a8ca873b5ca0a5ed3

SHA512
f290e759aeb4be9d70a6a3e03d741aa47531eacef194e83ecedcfa27f7d0c46bd02d958d4edc36521b2f1c18834154d5f086578cc33d2098aea88e45ecf45730

Download Submit
memory/3740-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads