6c19e6f960cdacd1e9a2b6eafe861d02663b4a20e20ca24d4639e60d734506f4

Analysis

max time kernel
119s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aa4fe4efd10b086dfa36fe1249b0f10N.exe
Size

47KB
MD5

2aa4fe4efd10b086dfa36fe1249b0f10
SHA1

3a80cedd83a56814736d86550e5480ec682851ee
SHA256

6c19e6f960cdacd1e9a2b6eafe861d02663b4a20e20ca24d4639e60d734506f4
SHA512

b80ec95c3d130f807bb5f7f8754ee6837493b955776662baa9bcd8521043658dd79c1507e28cf0fc3b77466720a8f8928ae3877307361fae85b94b9000481f90
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNlTm:W7BlpppARFbhWJQia

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4654) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Extensions\external_extensions.json.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp	2aa4fe4efd10b086dfa36fe1249b0f10N.exe

C:\Users\Admin\AppData\Local\Temp\2aa4fe4efd10b086dfa36fe1249b0f10N.exe
"C:\Users\Admin\AppData\Local\Temp\2aa4fe4efd10b086dfa36fe1249b0f10N.exe"
1⤵
- Drops file in Program Files directory
PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
47KB

MD5
072049881dfd35d020cee27ea1f4da6a

SHA1
0634a961477f1e66d1edb8fd98eaabd6a0713b6e

SHA256
3dd91ff9f728819d30661992689f0c25248fbfb91cfd7173b489bad85ce783ba

SHA512
942acb4f23c37c5ae30ff11d7977da0839f2bc9456eb34acc1586224cdaed580d22b4a9c9f96e8652280b72c3769674f4dac609304a5c4d7d7cb5c02519c31a8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
ed4f0b816812695cae44c3d0f99e3626

SHA1
acdf941e3622933fef65506a747fb6fb5c9effe7

SHA256
c0f066cd1783b269af7c67a615ae3d6a55a69e1e0b106e60f6eef16eb8a60759

SHA512
f4ae2abc3d4c51c00e3de792deaddbf1989d52eff45501d8140fbf9b193d4a772ec32de8fdfce14fa73f90426ca2e1b3aac82b6d686b35b54538d4ced63d651d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads