2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
Size

56KB
MD5

beda5563f941b401060343afa398efe6
SHA1

fa0b44d6b0a7df8cde71545b758ab52eda30eaec
SHA256

2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063
SHA512

de0a483d48d47d087a2e041b11c421ab3e13378a86cdba7cbac1b49c84874f023bc4e3217505bf16b6b058885ccf7d067460e470f757497f317123dd6577a7c7
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcmaz1jGInB1z1jGInBO:/7ZQpApze+eJfFpsJOfFpsJwjBTjBO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4135) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe

C:\Users\Admin\AppData\Local\Temp\2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe
"C:\Users\Admin\AppData\Local\Temp\2811f20b9e746506a2de7e12d65ab2888e0db38727525dfcec4c854631610063.exe"
1⤵
- Drops file in Program Files directory
PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-587429654-1855694383-2268796072-1000\desktop.ini.tmp

Filesize
56KB

MD5
aaf6a192baec9f0cde85df4417db030b

SHA1
020a558958abd55fb8ece5d3f39bdb790497dc95

SHA256
26cc8c716e79e4ce6f1f7963228c5cfdfa2e71fa3cc9ea2d250e31af20aad173

SHA512
799d6f158608378bca08e8dfc44402e46d234bf7d525209587c87b3184af0687159f5acfc52f081747cd6d42a37d7732ec636bb9b09f59c658d8b4a78357d9f4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
34337482d1a79c9ccab1fd21d7ae1ae8

SHA1
d25630638f60fded30f784d31c3b7064990cc74b

SHA256
e7a051fae9e3178f1c38c9e019acf9efd844969ab08d22f5ceafbdc05fb18807

SHA512
37c4d78c36ac413cd1a07a296b418a2014de7f57af9a3ac1af7922d049a251a419cd974eae53e128214e911969f93a686464c0cb95ed5f919652608f96fa1016

Download Submit
memory/3060-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3060-1426-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads