71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
Size

35KB
MD5

2d45cd4aa36d77578c310e99535ae74a
SHA1

63c51c6a5f459626a11da0fa30d617f7f331261c
SHA256

71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54
SHA512

48f938a89789f7237945f8702a7834a274e36618ac80a3c6a9513a429d15a21a768204bb7dfefb9e806c67cf1c0341cc75cbcbd522b8053520317538a23224e2
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQFQZUDqo8Wb3Dqo8Wb+:W7BlpppARFbhHFQZYr8WbTr8Wb+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.DLL.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\zh-CN.pak.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoBeta.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\GrantSubmit.xlsx.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe

C:\Users\Admin\AppData\Local\Temp\71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
"C:\Users\Admin\AppData\Local\Temp\71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe"
1⤵
- Drops file in Program Files directory
PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
35KB

MD5
e682fb8bd6eea24a0cf61c4cd9204e14

SHA1
f14336900ff8004b1ed25e9d818e34268733d003

SHA256
ed726b610062fd2eb3292c6dc061015240fa6f20da2c8c3bd237b40243e06893

SHA512
0e17020e87180f7db95bba8c7f8fbbfc5297f78e8bd162f9571366845436eb20d2d1674074269ed1b6f749cf84bed1acfb15568416b30f6eaf45339a2605c77e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
134KB

MD5
30d5285db6f16981d9b95e3308c243e8

SHA1
1210f77fb766f6c3188a07262562249579e957db

SHA256
9a2e97a5a48eeb55d9ea13f3dcbb9dde405db8d45fdce33e14d7003622e4fa5c

SHA512
f3db3f6e7544a4831a978a74d5adef0e353bd91e02f99660a9bdb13359f5288a6230ab49014b235b45a948d6c44d4ceb6bce939b7e4bf1276c712b6f759461df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads