809aa11351600f4c3817605475594f6be5b024167441942adae816fdfb26d007

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 23:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

294506ac7a3124cd72bced5d97dfe550N.exe
Size

195KB
MD5

294506ac7a3124cd72bced5d97dfe550
SHA1

85ae99686c45befc6b5958b7253d1b31a4e4cce1
SHA256

809aa11351600f4c3817605475594f6be5b024167441942adae816fdfb26d007
SHA512

e0d2b8c337f04ec86fbf8bdec5c7cf3063eb546f31503c6b722c54f1f69b4cc9e5b4ee38b2c0e046be70938d82a04dad8ee13aae6a053f5c3688b9962589ffaa
SSDEEP

3072:6e7WpUV2x7L+4XGH3XGkR2SRXGkR2Sn5TQ:RqpMHA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClient.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\BlockUnpublish.svgz.tmp	294506ac7a3124cd72bced5d97dfe550N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	294506ac7a3124cd72bced5d97dfe550N.exe

C:\Users\Admin\AppData\Local\Temp\294506ac7a3124cd72bced5d97dfe550N.exe
"C:\Users\Admin\AppData\Local\Temp\294506ac7a3124cd72bced5d97dfe550N.exe"
1⤵
- Drops file in Program Files directory
PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
196KB

MD5
510805ecfe15154a3b148e7b7e1f0915

SHA1
3a5d99e550da1b069e823ceb795a2bb3febeb1cb

SHA256
13162cf12a6130c27e0edb17fc98c1a0aa35167e9d1cdecb88c59e361b28719c

SHA512
a3776bbdabe977bf5628556c085f544c68505b8bede0f05cd7fcad9043256d905ad6cb3ebf3a16ddc4e083d6211ee9fd1d725f916249c327588896585424b0ee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
294KB

MD5
713b1e57c0571f51908fe28b45d22c21

SHA1
3c11157168d1b71074f2341522ef814e67778102

SHA256
4948bca80ce3dd26fd0405e2fe631b9d1f1bd2cc2f42f7578bcfe1de4fe16165

SHA512
77cd12a94f8acc0dfbf3be6400953ec11d1daf5306f0a446a60b2427f3134f0bf8fadf2834164792daf3d36f347702f743d3c4733a25d3ddd44128992922099e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads