f2ab59a9e3b315ec7a47ead8f1d769fe56abed204df393f4d3577a6fd75e3ae3

Analysis

max time kernel
120s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2048fb44555e2ea8622ca163315e8590N.exe
Size

68KB
MD5

2048fb44555e2ea8622ca163315e8590
SHA1

2a6412e977dc5eec2943bd71a036651247d6725c
SHA256

f2ab59a9e3b315ec7a47ead8f1d769fe56abed204df393f4d3577a6fd75e3ae3
SHA512

fda870ad95bf2afce33eb2266b1be0d7dcf8f146a345d7fa7eb8e9a1b18570738947d4282391bbcfb10df1aa62955355512f6ce645700452381051898459f19f
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfZe/HtT8lNvqe/HtT8lNvO:/7BlpQpARFbhiWbb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4370) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\123.0.6312.105.manifest.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\vk_swiftshader_icd.json.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	2048fb44555e2ea8622ca163315e8590N.exe

C:\Users\Admin\AppData\Local\Temp\2048fb44555e2ea8622ca163315e8590N.exe
"C:\Users\Admin\AppData\Local\Temp\2048fb44555e2ea8622ca163315e8590N.exe"
1⤵
- Drops file in Program Files directory
PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
69KB

MD5
ca5f37fc62143b8fcd9d72766d69344a

SHA1
3b045744fb5a6cd3033f05c0bbcea48c8facb617

SHA256
03ad2681228cddebb00fb4e8d4a4fa78dfa052d3d642461e56d0227c57fa194a

SHA512
32f15ace1c71da5ae0d7d5b4822f80f05d8c9028eb0c8a6edfed562d1df9676a9b06ce82b185002e2748d01307f44d358a5d93358d0512668e5feea478be92b3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
aeec2650af9f36538e449c118a41afa8

SHA1
05a2603a80986ad2fe77d36776cb8a0429e0f47c

SHA256
19e333789b1e3e6534f226464cf5e6ef61a912053a3da822d179317d828dbffd

SHA512
217403ce7e4380e3c9e2c484e0f39bdd805b2e327b53a29f1ef23ef69d8ce81e291deabba471ddb13b3761876eb314861da7aa68d18287c085d8d2a081bab03d

Download Submit
memory/5072-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5072-1794-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads