d0e7062be4451f7f5488e71951c6b331c39a8b73ad34d42499fd64fd1681a25e

Analysis

max time kernel
149s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15f5303695a2b8c4f4fb3e6006a48480.exe
Size

83KB
MD5

15f5303695a2b8c4f4fb3e6006a48480
SHA1

3055aeffcd5d049402f91e739b69f824c0316f1c
SHA256

d0e7062be4451f7f5488e71951c6b331c39a8b73ad34d42499fd64fd1681a25e
SHA512

0e782149e0ce5da6c45a47c92a01fa4566d48e8b6828ab6262ac26c7c3ff21b06dde48d6d179d7b2fc35bd73e8b7581b465e43643592233916b177bcadc60f79
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcmnGUNGU4EXBwzEXBwnR5hrxR5hrt:/7ZQpApze+eJfFpsJOfFpsJeFrxFrd42

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\DocumentRepository.ico.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	15f5303695a2b8c4f4fb3e6006a48480.exe

C:\Users\Admin\AppData\Local\Temp\15f5303695a2b8c4f4fb3e6006a48480.exe
"C:\Users\Admin\AppData\Local\Temp\15f5303695a2b8c4f4fb3e6006a48480.exe"
1⤵
- Drops file in Program Files directory
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
83KB

MD5
7d6dd7054ccdfe70e434bb082130283d

SHA1
7f3ca550c4a2b8ac0216ccb590d762416e09f615

SHA256
30a322d384330b5d7ed370b37e1171dd69b423b9d02234b2389bacc5c472f715

SHA512
292e9e93fa8e4439e2beab6b01a3db36f4514f277c91eb8d66a78de0e5e4c58571e14dfef26abef27493cf8a8e8258b27cdf0f0c2251b04c9f51cc20bf483de0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
0debc005c6a3b0efc0ceb217afaed6c1

SHA1
ff411f8f9585e828b011af068fa2da2161ff9d6e

SHA256
24c13a60ef46a22e066834925a14535b405261214999aeda8a8d0eea334b47ee

SHA512
86e925fb33c33dfcca353888e15fd497303b4b00edf9f55c72b126517a2a8d2c881860cdec2de3da905c840d79f5d08e2bc62868222d254f85cc0f6836f2b009

Download Submit
memory/1048-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1048-1914-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads