29d74bf06df473852219df2a798450810183aeca1307f52a52bc25ffe47f4690

Analysis

max time kernel
120s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c10e9c931c09e8374dbf20457bf1400N.exe
Size

64KB
MD5

0c10e9c931c09e8374dbf20457bf1400
SHA1

d818d684d3bbb7f061dbc635f62c16ed90cfbd14
SHA256

29d74bf06df473852219df2a798450810183aeca1307f52a52bc25ffe47f4690
SHA512

f05adf5f4278c7c76eaff42cef150d86d49ea61cc709f3815e3ea35a52e5b6f84596f20b7e3cf56c7448daaf594e09153b1bfcf34417939eaa8ea92d1aa9ee18
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8c2F2v:Te76WQSop2F2v

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	0c10e9c931c09e8374dbf20457bf1400N.exe

C:\Users\Admin\AppData\Local\Temp\0c10e9c931c09e8374dbf20457bf1400N.exe
"C:\Users\Admin\AppData\Local\Temp\0c10e9c931c09e8374dbf20457bf1400N.exe"
1⤵
- Drops file in Program Files directory
PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp

Filesize
64KB

MD5
74e3dfedbbdc59d3fca619832484f883

SHA1
40823dcf6d0177349fb33bc44c8d6b1723452142

SHA256
1f9f759d28ac66cfe30cfb280ce2400abfae7c216c3d093e32941919ad57e30c

SHA512
5a56c7bdbb8a74791f9d40ffdbf96522ee4c94a343c864fa321422aa44429f7536f984804440de7c9b4f6b13bb6561b4296563ab6e52f4b2073b5c8814278aa3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
163KB

MD5
cfd6510e6446b537562bc1da021f3917

SHA1
52e75a44e3d9b6079c300cb0b5588c4b7794852a

SHA256
e22b7fc66a73ec480b0a81394238edcab813c4f81c8a5175bee2709da2aca701

SHA512
6d45088497786175e6eb6ed81f64124ef943f31ad15ba10334a94cd9559fb20db945544b4e0954ac593d958d413bba7bb4b701586c33e03a92a8bcb4c2df7295

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads