e682143f973b5fe4a86f8c81cdb25b32bf6ee9d2b4730d8c50bd480884af60ab

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53019ec7ccbd9d026d099794f491ea10N.exe
Size

81KB
MD5

53019ec7ccbd9d026d099794f491ea10
SHA1

4e0ace9d25dc78ad96425329f236cf770c94a780
SHA256

e682143f973b5fe4a86f8c81cdb25b32bf6ee9d2b4730d8c50bd480884af60ab
SHA512

889b61bcaee9779be138cbe2ef55d35c59ff07ae039a4b4735fc8e3a2542bd1c255dace29f539e6f8c85ba28e8063337cba59af0ec0933d71bd1b29c9d7e014f
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhWfxRfxG:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4611) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	53019ec7ccbd9d026d099794f491ea10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	53019ec7ccbd9d026d099794f491ea10N.exe

C:\Users\Admin\AppData\Local\Temp\53019ec7ccbd9d026d099794f491ea10N.exe
"C:\Users\Admin\AppData\Local\Temp\53019ec7ccbd9d026d099794f491ea10N.exe"
1⤵
- Drops file in Program Files directory
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp

Filesize
81KB

MD5
10897f4357199844fc0ef4793ca092f9

SHA1
231f294725ecc082553d31ad96c1fa3f676c0b71

SHA256
dacd2f615da23fb9507bda5e5360da9be751c23ad3b7011893a9bbd895a20ca7

SHA512
ce8e76e5f922b1bfeffd4c151f054782523a62d57789c49dfee557d8068e769d97d4d404e2407800cd91a0d70ce831dcb781563b1b8eb5802996030978413f09

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
25ee71436fe192cb6512a4e3da19f6b2

SHA1
56397d22f2f75a88a20745fb1d696aaa653ed1b1

SHA256
3b7c3d31889e4a161f323e300d16b1da46ed7090d98b606efac52599830d6704

SHA512
54d9532a80cf91458ecc93b59ccd6787aece54be4703e5d5ffd6b632037021d13c299d9f65483aa36c6ab5d1f185611fe4ab5c91e932463d113e78683afd0f6f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads