cf14060ee023498221a09abd7632cbffdf73a439028841ff7db6164f002ff3cb

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b91b2851deed66f63dbda8311a11ab0N.exe
Size

52KB
MD5

7b91b2851deed66f63dbda8311a11ab0
SHA1

7fef9200002d2518cab28e4e2fb04b9c446cac49
SHA256

cf14060ee023498221a09abd7632cbffdf73a439028841ff7db6164f002ff3cb
SHA512

e794880d12d963d8a9da0601e5a4bd76291e13d25eacfff3bcb72cb811795e514364677b3ce3248742c186e540cea4bf5b069fea97929c427cbc5c18b4aa4082
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrRYKYU4Qfxd4Qfx+:W7BlpppARFbhWJq53fxRfx+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4583) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7b91b2851deed66f63dbda8311a11ab0N.exe

C:\Users\Admin\AppData\Local\Temp\7b91b2851deed66f63dbda8311a11ab0N.exe
"C:\Users\Admin\AppData\Local\Temp\7b91b2851deed66f63dbda8311a11ab0N.exe"
1⤵
- Drops file in Program Files directory
PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
53KB

MD5
292588637c7fab3b45d8f4b8ff7a8439

SHA1
315a8fa37149a1099aad077ecf216176894135b8

SHA256
74f63cc13fc1340cc550ff1b96bd535404065aa54cd9db04ca8f7b7eed9e52a1

SHA512
67c7fc354306c4d9a82fd7a688e63ce5cecde47ae5e63e7041dadcdc468c40181b6d32b776d2b055eca1aa49a115c9b799343fa98ec2db593713b7035db25808

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
151KB

MD5
7e3d07463a7b22bcda6f0b0a063243b4

SHA1
a695d3a85e21cd890a519c19d3da54338c5f1e26

SHA256
77cbeaf4538c9529a891f63f39bd47c2ed74480328036d4bbb37002b2513db8f

SHA512
15d8290b227f0d3664f0aca212a672fbc5ab74e37de55dd468706cfbce78f2d8e46efa27bb2f0110f9cd3f4157ab32c2063b8d1726a89f6fbed61a5674a47752

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads