bc7d45717d0e6776a821f9b6008602eea477cbe6b5f983fecbb61834faf4a24e

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

291708d6d9daca0e1d7f5cf81fb8c550N.exe
Size

102KB
MD5

291708d6d9daca0e1d7f5cf81fb8c550
SHA1

4c3abb73641d7c665d4ff90f9ab0ca5963926ece
SHA256

bc7d45717d0e6776a821f9b6008602eea477cbe6b5f983fecbb61834faf4a24e
SHA512

890dc930391e8911860821a32854a2d9c9d5316f25febbbc0c4e1322fb845e662ff63f7b9f071fc1085fe01cad89e564cd030dfa54dc1a5c6777f56474c54955
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBp:PqFF2Ie+effy3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4636) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\af.pak.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\WidevineCdm\LICENSE.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Crashpad\metadata.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe

C:\Users\Admin\AppData\Local\Temp\291708d6d9daca0e1d7f5cf81fb8c550N.exe
"C:\Users\Admin\AppData\Local\Temp\291708d6d9daca0e1d7f5cf81fb8c550N.exe"
1⤵
- Drops file in Program Files directory
PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
103KB

MD5
df2a3e26079b9f33fa7c08c211026956

SHA1
66e202b7d25576e63c079e1ab7677c4c016e58c5

SHA256
1330668f3f3fb82281eea3da063487781d00a4f9376cda3636c195acefc4ac4b

SHA512
94c854332ff4a04b7bf02b6ba2f6440e02d080c1006a7e9c5be06cd58c2ab604dd4fa6f8e79f8446ac0c3ec2e830dd1ffd35169512c6242cdcccb8d065bccb54

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
201KB

MD5
78aec58b0774b9d31f05f53172caf686

SHA1
83d13c8e15515b0d171eb8bc0e41a6a2e9708d16

SHA256
2b4ea158e5dea54b380b0388691ae8a688a9c585f29b4f96410835550be8c5eb

SHA512
ba19c2591825125b1d9e4a41e5091552e986ad6cb7ecb21200357d9322c20e4b710dd9b96980ac6b283ac3f7f947ec06d6756d36ae8a353fb3b91eb0f5032f0d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads