96dd1f276bc171a1b5477f3684301c617cc5e59bc28b815ba4af48e8ce7a3426

Analysis

max time kernel
120s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

508a669127eca13b6b7dee1fabd1b5d0N.exe
Size

95KB
MD5

508a669127eca13b6b7dee1fabd1b5d0
SHA1

4860061107eb79c83d76fe36db93da643cad8415
SHA256

96dd1f276bc171a1b5477f3684301c617cc5e59bc28b815ba4af48e8ce7a3426
SHA512

5e352fc8946528e396aeece736429f7711c19167abe0223292cbca39a434f4c25fa57688a6bf9b9bc8879205e66a7ebd35c846283072695224c8ef2fc3018842
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh4:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4180) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ur.pak.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\MEIPreload\manifest.json.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	508a669127eca13b6b7dee1fabd1b5d0N.exe

C:\Users\Admin\AppData\Local\Temp\508a669127eca13b6b7dee1fabd1b5d0N.exe
"C:\Users\Admin\AppData\Local\Temp\508a669127eca13b6b7dee1fabd1b5d0N.exe"
1⤵
- Drops file in Program Files directory
PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp

Filesize
96KB

MD5
deb849e5d68069be393b29fea713b79b

SHA1
81291baeae9d1e9e84cd37667262d5c636cb035c

SHA256
4ab19fa3e45e2b9b312a0229967a1f1eb003ab55ac0f503afd1b31c916d8d7fe

SHA512
db3a6acd213112d3167b0890a0b85b6d85dca45e44e34dbaa286922ccef02d3a6eb4ef411d43bba04d8536bcc040279d983bd037f8440b650e101f78cd8f964d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
194KB

MD5
8a701e6cf9272068d7242b657555fe8b

SHA1
a7143a1854531566b15ced9be3f025180fd72838

SHA256
ff2e3a8a347ef596da62ea77ac27f81bb2dd4e6708423d007c4f145b755946c8

SHA512
71a8a712aca9abc201b6fe663f3243e6c9520e64276f2840d8263cc7132e161400eacd1b1ca513d327448def779224841759d7b460b98510f44eaace2ffa5baf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads