776b9990b6bda6227288f24f0323c98a0b83720eea0f3a395bf51dc11ad5824d

Analysis

max time kernel
120s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
Size

74KB
MD5

2a74cfe0f69b98c3db124ba4afaf8fa0
SHA1

31c52cca2deff9b8db4ed6ee66ae949a1c62c7e8
SHA256

776b9990b6bda6227288f24f0323c98a0b83720eea0f3a395bf51dc11ad5824d
SHA512

af878c9aad131108f9bbdf2ee058f9d6720be5286f041416e0c187f7cc8f77e85c8dc9dea686b5440379e656fcc5cd1a975bb4c05e126ad60d880e0ce1192908
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShZJ99J9ks:6DWprs

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4365) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Extensions\external_extensions.json.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	2a74cfe0f69b98c3db124ba4afaf8fa0N.exe

C:\Users\Admin\AppData\Local\Temp\2a74cfe0f69b98c3db124ba4afaf8fa0N.exe
"C:\Users\Admin\AppData\Local\Temp\2a74cfe0f69b98c3db124ba4afaf8fa0N.exe"
1⤵
- Drops file in Program Files directory
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
75KB

MD5
131f9ee3f03a3abcfffc995103623f3d

SHA1
8d1cbb12cf71cbd325f4015d754f2cf01d54ce46

SHA256
4cba9700c32ad96635c6549c80841f85510102217d504c1a100f4dc057786bb0

SHA512
26a3e50b24bb6b310c83af2f44e9b484f639601748053b7dd0479846e9b957aebff499932eec5d6478306e04aa84f5b86365a6c790d8b56de829148189b132ab

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
685479a3605be967ed4c37d97860d9bf

SHA1
ef65d9da93c995b67096bf36c64a04f56eadb5e2

SHA256
d00d56595e037e5160907dd14c1bc05c599513adbf8327fecff02b566bbb5c70

SHA512
3e652f37eba03affb003aed9f3aa391946d20df6c0fee488768618d1bde09bd2b67ae288d43c39b5849cc14cd0dcadaae60a2a19872fe9debd95e939e4f6ee5c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads