d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d

Analysis

max time kernel
150s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
Size

73KB
MD5

e1ef74194f7d96137dcaef4b01c7e777
SHA1

e27d5e4c5b59705d012c263a49370b220f6169a6
SHA256

d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d
SHA512

9ff18d7d21dff80b9290521e0f6b2e06580d4555e3dba07f8f5cd3282975548c44de7e7f7c7e444fe29678bfc5372945106563e3744be997dc302273228c3208
SSDEEP

1536:W7ZNLpApCZuvIY0KNKnF3KNKnFrfxRfxo:6NLWpCZLY0KNKnF3KNKnFrf7fu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4643) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\FormatCopy.001.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe

C:\Users\Admin\AppData\Local\Temp\d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe
"C:\Users\Admin\AppData\Local\Temp\d835b4f9f10db4335c02fc38b4328565b48aeef602fb2952c7ff169c63b0e64d.exe"
1⤵
- Drops file in Program Files directory
PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2494989678-839960665-2515455429-1000\desktop.ini.tmp

Filesize
74KB

MD5
f78d82671c7c46be15eb45fbb6b058d9

SHA1
6a683a4aaf892a8a447dd4dfe77899469146603c

SHA256
b7ca35c3dfe3800cde85905d4eae63764b8b42283206f0120bf6ebe25b671600

SHA512
d91cd4fea262605f399f71705c82a17c0fc23338129b0c27ed2099e4baa191bd2df97659515212dd38a3a1a1dbac33ac65b800d319eb80e0bcf9daf25b97cb7c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
172KB

MD5
f06495b33a1d9f0e44c8d2b28b529826

SHA1
c1c93b87e7c8b163bde2abbbacb9713c37b699ff

SHA256
27a913b5ccbc7a0fc046a82ce451cf3e55da8e8623e6e911c5a09ab09fbed09b

SHA512
f3b6d3e0210472751f38570c4a2879d01490852f4892ab49a06e0a4034289ece6356fc69bbec3b05ed7982ab133ba01f09b65e195f2eb6f75665ed83326416c4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads