25c6c79dbf5b85ca60e0a9f88c7761c8904d4dc8ad1a3c71acf37aa6ccf5f9a2

Analysis

max time kernel
150s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22a12e1b43b029017b1f3875d3d38d10N.exe
Size

31KB
MD5

22a12e1b43b029017b1f3875d3d38d10
SHA1

ea1758c84394f8a4526a25812beab1b974facd2e
SHA256

25c6c79dbf5b85ca60e0a9f88c7761c8904d4dc8ad1a3c71acf37aa6ccf5f9a2
SHA512

70f3b9d1ce9514ed8ff133002bad5f741e84795578d6d5d560fbbada0245fb5faf2c33a7c95d319c68154dff22525148d36d25fd7cfa69c29ed4740fda8bcce8
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNUl9FHljFnl9FHljFK:W7BlpppARFbhlFlF/FlFK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5287) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-MEDIUM.TTF.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoDev.png.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\OriginResume.Dotx.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSUIGHUB.TTF.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	22a12e1b43b029017b1f3875d3d38d10N.exe

C:\Users\Admin\AppData\Local\Temp\22a12e1b43b029017b1f3875d3d38d10N.exe
"C:\Users\Admin\AppData\Local\Temp\22a12e1b43b029017b1f3875d3d38d10N.exe"
1⤵
- Drops file in Program Files directory
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4424,i,17705702031385645742,8200011525621908985,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
1⤵
PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-661257284-3186977026-4220467887-1000\desktop.ini.tmp

Filesize
31KB

MD5
3a6b7218bef9f75b04a959e22e83998d

SHA1
d40b032ead3fb9b5e245b746a4a29c28bd3ccf66

SHA256
82467ed24ca67644d26a5098137fd750b341a019ee54f09b3c45b08bcbea8019

SHA512
294ef48b4033a056b8c27f4c4f379e2a0a728bd3aacffd653a8d539d7b2e2896c75fd82c2566327a6c9fae07e9c2c03c62b9acaaa9d5d313fb5be23c10419b3b

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
144KB

MD5
d0f82430a0a1811d376bead79940f0da

SHA1
2071f2b1f0a7fccf3a4dfd98b22c17ec3e37da3f

SHA256
0e782f5d7f61e2870fc84d40d5a0980df5cae6a9c4c7d716f282f5ed209aab06

SHA512
da8349fe053ee8e589a5b8530027efb11c509c8328b65131b12d0e52425298aeae98f4e02d22138ed11336233094cd5c17b375a20bd5b79c3d55e85fbb4ec947

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads