5328debc003a62b279989c8e17661953309506efc2b66332b50416020461ecd1

Analysis

max time kernel
119s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 06:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

614837455c5c491dc9aa30c177eb5600N.exe
Size

66KB
MD5

614837455c5c491dc9aa30c177eb5600
SHA1

2b7f80d599b4da2417aa76a5fabb5a103660b1b8
SHA256

5328debc003a62b279989c8e17661953309506efc2b66332b50416020461ecd1
SHA512

269b67564c9ce2f6053789aaf2c41cf9f6261ffe64b181fec7ef411c6c0233351fe5e94eda95776e81a550c669dce6853256d960a72b4bd9946d2ad96678b80b
SSDEEP

768:W7BlpppARFbhbt7Y7WBp9/Bp9H8RN8zQRN8zqJdkCKPuJdkCKPF:W7ZppApRhH8RMQRMqJdkCKPuJdkCKPF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4682) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sv.pak.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	614837455c5c491dc9aa30c177eb5600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp	614837455c5c491dc9aa30c177eb5600N.exe

C:\Users\Admin\AppData\Local\Temp\614837455c5c491dc9aa30c177eb5600N.exe
"C:\Users\Admin\AppData\Local\Temp\614837455c5c491dc9aa30c177eb5600N.exe"
1⤵
- Drops file in Program Files directory
PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
67KB

MD5
480590a0945e3a13bfb4ff26e000043f

SHA1
8b3f73af84771a9140e033232d145ed223d4525f

SHA256
68e30b9460fea17ab655838cf10056d854c7434dad2e6761cb7981c60f52bb3e

SHA512
34c8d4ebc6be7f096e62bd7727eafd0f77ebc5ead49607bbbc7b74b0557861b487fafadb2823e2eabd08b8cebf433380ed9579f6e4c673642c3b6ecf16602df9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
165KB

MD5
fd93d6f02aa655102520e0fad1173224

SHA1
94bef1b101706623f9c71f371c848ada8e22337a

SHA256
18aac723c8df2116fa4672b2e5affa35d2ecdf958cdfd8c43877b9802362fda0

SHA512
07ca7eff88ad5fa9da5261a41bad72665e20072db026d8bb47a43581018339bb82b53ba3485000f8dc42d3b762cbd7dfa54c508388a77f8607e0e79679aadd78

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads