90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
Size

46KB
MD5

6cda5f323b90e452c7199a0af1cb926c
SHA1

0f6856657542e49b346fa19e7cc7e745246c63d6
SHA256

90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57
SHA512

5e3b7b1656c23d977fb9e41ec0a9668e3983ffdd62d94f309718572fdec6be09678b613da23f5888035b80e16e73772f89fc4082c3a446a31ca47ce1db1f801d
SSDEEP

768:W7BlpppARFbhFAVo7FOtiJw1OtiJfo7FOtiJw1OtiJtjM2jMQ:W7ZppAp1IWINI2IQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4694) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe

C:\Users\Admin\AppData\Local\Temp\90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe
"C:\Users\Admin\AppData\Local\Temp\90e850cc6d35dc48b2793e677e607bd2ed057620fbbe1ff369ab0c3fe027fc57.exe"
1⤵
- Drops file in Program Files directory
PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2753856825-3907105642-1818461144-1000\desktop.ini.tmp

Filesize
46KB

MD5
6e7d992ca7c49abc460e4e2490f0a7e4

SHA1
7dc71cdf4f0701ad6e13ed5bbe6c0e676027ff13

SHA256
412d956d872de08f3ace93618d3509725da696840457115ded3769fffe959058

SHA512
e171d9cf9239f2849befe564dcdda45d6a43c96438b76ef3329bb175df5f316917dc4b034cbba7f1fc7d202e98e80bb085f37644ae83df88cdefce2b311d72a2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
6f23bf5f631116623eed7817b6a24345

SHA1
e39ac65e07099ab52f5822320428658e757602c0

SHA256
9729ca94bdbce77d0ba9b447e97a3e5510f9f667eb30070dd7d9d347d0d452b9

SHA512
654d428f021c60cda51833e873ed506e01e4ded17e8185955d48a03f414546ab7c2aa8e9e83e1383939abacb4a666eb0bd49b0708b42bf193830131d0754f135

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads