53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
Size

39KB
MD5

bcee8b7f1b9379bfcb84e6dd96a8a6fd
SHA1

bc40ba3097291b17a371c08057e5d64a40d72180
SHA256

53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc
SHA512

38a877ff520af830e65be6056a684448b89ff52221b757af3d83d04c13560b46c9aae20651830b12125f36bd4bd08438e3a43e7c19b6e676d222518de83ec9cb
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BVV:/7ZQpApmiV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5318) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\DisconnectUnregister.mov.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe

C:\Users\Admin\AppData\Local\Temp\53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe
"C:\Users\Admin\AppData\Local\Temp\53393ae6290a09feba22a48f31bdaea69bafa4c3b97a76dbf5ec02c9e90169dc.exe"
1⤵
- Drops file in Program Files directory
PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
39KB

MD5
618c9bcbba91af24e9bb3096a188fbcb

SHA1
01e04e809a047e817df132032d1dd20c64ca0d18

SHA256
5a3b41cdd2047194e438ae3d2912fa654cc2bdf08d8f9c5cdce9099e0e965284

SHA512
c1e8f429bbe64e5eeedfd96db50170fe21d72d17b1a915a4895528f823fdd9c312f54f9a4ec5fc5cb24c19093cf05e0ec40adf41abea9de9e4a42311cdf55140

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
138KB

MD5
4ff48923866ead46bc722282c0759268

SHA1
63fe22b4e9852e3899e98b14525fbea7c636615f

SHA256
28e275bf48d6a5c8a4813160e6265d482bdbde8b8b6525f065d0494e2664c582

SHA512
cc238819d8310ff833a004f1a4a24edd099b33190d24ae7ae56a5c464d8fc29a8ef407f169b1a16f290b7901563a1ffe4d2918ad8326ef35cf18d88cdb9859c7

Download Submit
memory/1456-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1456-1972-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads