8e2d98ed269c679193249aa03cd13497c9ea35349959652d0bf905bdedfe0184

Analysis

max time kernel
120s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c620bf685ce5a12be13ae9841cbaf70N.exe
Size

49KB
MD5

0c620bf685ce5a12be13ae9841cbaf70
SHA1

195329a5eb0c846fdcfe5a1aa19360f7ed095682
SHA256

8e2d98ed269c679193249aa03cd13497c9ea35349959652d0bf905bdedfe0184
SHA512

74d64ec40b97d29f7aaab25b2fed15c90a662ccba29ef83b3a5664e9816e2efd1ed991bce3883e489d9c0f107ff17f3322970a74ab82a2438988c97718bf0931
SSDEEP

768:W7BlpppARFbhtKL6YJL6YDs0wuDz0wuDq:W7ZppApqw1wl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4370) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\ClearInitialize.lock.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	0c620bf685ce5a12be13ae9841cbaf70N.exe

C:\Users\Admin\AppData\Local\Temp\0c620bf685ce5a12be13ae9841cbaf70N.exe
"C:\Users\Admin\AppData\Local\Temp\0c620bf685ce5a12be13ae9841cbaf70N.exe"
1⤵
- Drops file in Program Files directory
PID:4232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

Filesize
49KB

MD5
2f6c2fa37097e16f1f10f626de96c772

SHA1
316ade9d01ecc2f915e82a1be259ddb1501cee7a

SHA256
3d6ae821a267aae5ee6f3df7346218a0085fc751695a5a47926bd0136aa23866

SHA512
2878b924d5e70f5a490fec60823cf05966aca0ec3606a5043ecb160104b058a3d2f352886eee5fadcd5afef8650124df59509e5dea4a0767c69712c6693eb92d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
148KB

MD5
e7814a2da16b80a90141cb37f06b2043

SHA1
85c06949496ddadf28480ca89bdc8e52e7bb8dd3

SHA256
8abd1ccbd3cc3d4797df1078dad0e548feec0f268a0baadbd3797d6ec410420b

SHA512
69faa68a2eb2f05442b3fc20981d7a66b9a922830464956728a61d0a5a32727e84f043a7060e149756a07010d0779c8eb55627601cec260309733752cea1731e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads