359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7

Analysis

max time kernel
149s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 21:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
Size

47KB
MD5

beec46e51019085e003e6c8059e62fb9
SHA1

86a44a72cc89a07645ef39c62bc009079d36540e
SHA256

359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7
SHA512

598ba426aefe901078e4104e9928dbbbbba8febcf34a89948811957f92a928553271f7ebaa4066304fecd31934cd823fcca82203d683d3df81bcbc1bcfd6cbe9
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNlTN:W7BlpppARFbhWJQiJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\Logo.png.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ppd.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe

C:\Users\Admin\AppData\Local\Temp\359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe
"C:\Users\Admin\AppData\Local\Temp\359fd587de2e33f0e8b5238438f91001bb8e2c2ea276bcbce674045b787d53d7.exe"
1⤵
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp

Filesize
47KB

MD5
ca35d0e5673309bafc45146d3ac63c1d

SHA1
ec9f63b59b662c25b73c38fd79f0ec18e6f848e4

SHA256
62afe27c6f7b0b1322e33cd8ed4231857d442538ad0f78dc3a6c53a02bc44685

SHA512
4b50c72913dde69ac991599a5577d05a77c70057dc63e84039712fae32085beb0fbd150ffabdf3ac0c6bb27550947b1923a57a9f1c00296102003d734be671ec

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
faca5c40f9b2e77a3c9c9d3fc7bdc41a

SHA1
299d052048533afeec856b7d615bf2a766439377

SHA256
950fadf30686fb245a096e7897592d39f93897345d98c3fbe083b6069a2882f0

SHA512
3954e0dda308f47979ec2a1dce20831c71e5969bf7eaad4e8d27fec8b854657fe04875f97902f4731880b5ae26c5773e67ed215fa0937a036453c8711ee91e7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads