4da0d20f7fc0ced98d3e124c510b5477e92582cf1e71db98613e513c254c451c

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e6d0e9d65f790075415b48e1a0e1fb0N.exe
Size

43KB
MD5

1e6d0e9d65f790075415b48e1a0e1fb0
SHA1

e16182cf245723e9ae5b4d3a4e658c5a7aa35e83
SHA256

4da0d20f7fc0ced98d3e124c510b5477e92582cf1e71db98613e513c254c451c
SHA512

c839654ba7ad8d66c310ba9f28dde62ddf68e74da330734b59f0eaa27c4a3cdde49334862cde911e9db17ae8a46f7fb676af2a4629e26eb9f3d729df87f357cf
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0ox:W7ZppApBULcfpHLcfpX2/Nw/NwQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2741) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	1e6d0e9d65f790075415b48e1a0e1fb0N.exe

C:\Users\Admin\AppData\Local\Temp\1e6d0e9d65f790075415b48e1a0e1fb0N.exe
"C:\Users\Admin\AppData\Local\Temp\1e6d0e9d65f790075415b48e1a0e1fb0N.exe"
1⤵
- Drops file in Program Files directory
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-587429654-1855694383-2268796072-1000\desktop.ini.tmp

Filesize
43KB

MD5
dce6b2fd3dd9423e7631f683d312d491

SHA1
c0dcb4f9502a3befab3d64dee332abb50352dd13

SHA256
c1894c1fb74719e2794efb964cfe85ecece8f91c0bd97a3c0b58b2fb2f74804c

SHA512
8d43ac2ca674f42833d2f27c860d43243e1b2bd1a4e543548bfb99f3aa16f619f7d7fae279a5658cb66c963b2f23c766aac17591367c95f4fb869445c44483e4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
bec908addc5f98fab86ae3483fee805f

SHA1
f1ebcc206acfc8b23077691258abc8ed3fb7fccb

SHA256
5528c88928c43b4b3f535e8a01a7ce467a16c99ce37e1729ea6bf0ed1078cd6e

SHA512
a0b2ed63743c2f01065c9d26b98fe9e0577a08f7ad3e9aba5f274ad52d5bd573a73fb0a680d4ec2a108b0b76caa82db02afcc52c2853d144900961c7414e4de7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads