5422eb6515269a8cc49a0372163ca6ca294cd1d5fe4bcc229c3866166bcd14ba

Analysis

max time kernel
120s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94b4757c6c1908051bdf8e33eab24b90N.exe
Size

78KB
MD5

94b4757c6c1908051bdf8e33eab24b90
SHA1

8c52e23936099b937119415b9213ea79bc38a61d
SHA256

5422eb6515269a8cc49a0372163ca6ca294cd1d5fe4bcc229c3866166bcd14ba
SHA512

6b23b8a0cf6cbb43fabfb97399c6e73e5a59c0afb503c416cc3bf69309e9317172c3f1ad1864c33b934592d90c0629419c91fb979f7219a4b126f7d097df5679
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh3:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4636) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\libEGL.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\tr.pak.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sw.pak.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Google\Chrome\Application\debug.log.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\CloseConvertFrom.mid.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe

C:\Users\Admin\AppData\Local\Temp\94b4757c6c1908051bdf8e33eab24b90N.exe
"C:\Users\Admin\AppData\Local\Temp\94b4757c6c1908051bdf8e33eab24b90N.exe"
1⤵
- Drops file in Program Files directory
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

Filesize
79KB

MD5
2bdb091f3818f023180f3e299157b581

SHA1
b4d3613732ec4519a268a79c2c1eb8e894f0b54a

SHA256
f7b49bbc1de47be74dabc0ece84743b0caa5fa1c69a0fa1ee694287a1a39f6ba

SHA512
fcdedcff1775c160c930fbba8065c765d4a7dd957f47926c1cdcf5cdedad5bc3889d142af8b7415de04351b3e708a135c85f1f986d42d71e040c10a822b1afc3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
da898f9b8bb6f4f0091af3317e9da871

SHA1
5a1053dea47a63086b5d105f66b09875d1f74f51

SHA256
45d7f95f638be73ed599c7f99c8b637bf977e37553fb68fa2f8f73506ab719e3

SHA512
f34f1c350f259895ec08b433ccd4b612f53b0f9749328efd1c43fc412db3e0e2c80f145d3f6cc487179d1b385d5cf6057681781aacba83d18c05289644813e6f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads