b75f7ec828ac6ab87e284711021c31fb7f5047fc06906d5573a7bc26cb5d6979

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 11:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06961f635517e3d80e252c6a3a48ca10N.exe
Size

48KB
MD5

06961f635517e3d80e252c6a3a48ca10
SHA1

6dce8321f54a58aeec8c4dcb13e75d798afbdfe2
SHA256

b75f7ec828ac6ab87e284711021c31fb7f5047fc06906d5573a7bc26cb5d6979
SHA512

d8b0f68f9059f697b1b532109ede15bba1652758d07122a58991bf9bc03daa4f1376bbc8f9eb78d4a14e14be136528c1bcbd2bf45ea827976b13bb9ffcf956d1
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHssMzMss7sYEieAEie8s:W7BlpNLpARFbhblkYlkuvIYFdHYhT9ax

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	06961f635517e3d80e252c6a3a48ca10N.exe

C:\Users\Admin\AppData\Local\Temp\06961f635517e3d80e252c6a3a48ca10N.exe
"C:\Users\Admin\AppData\Local\Temp\06961f635517e3d80e252c6a3a48ca10N.exe"
1⤵
- Drops file in Program Files directory
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2753856825-3907105642-1818461144-1000\desktop.ini.tmp

Filesize
48KB

MD5
0208c43f9de592544b2adaba43c80e93

SHA1
e4fd82a464739f2b2fdebc2d17f379d50ddfe59c

SHA256
2a3e2b97abffce9a2a6aac95d46be397eb37f4844f8b5a447acf2477cf777474

SHA512
8b5bb7a89c3b28f6942edbcd6d583817ab27e0dd885d29470b9059b06497ac25b956d1a12fc3f165da4624a18fd8db717c9aa7c90222c5662f9798f80e21335b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
147KB

MD5
d4f4a749b0af675180df10f94e63ad74

SHA1
2aaf8610b6b6e47b46c504072c421ec2b1a98ede

SHA256
30805691c88d3183b0d5ec5d20422d6842bad30a6f59f5cd15e04554a035b1ca

SHA512
74a022a4349ff8148d2926f43cb7e66032c86dc8ee91f16b9092be62f92bf837f5e09fb20081b4765ad1e770cc8b6eeca8bc10f01776ba6b36ee913dd0f73e35

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads