db19481544f2a77a6b184c8ffa2ea729cafb0fe905b32836ef8ebfc10a170a9c

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ad2c2ad4abee901df8ec84e35cd43b0N.exe
Size

71KB
MD5

2ad2c2ad4abee901df8ec84e35cd43b0
SHA1

164a797aa634c32512765e88c6053479ce91a20d
SHA256

db19481544f2a77a6b184c8ffa2ea729cafb0fe905b32836ef8ebfc10a170a9c
SHA512

63450e2f053ca9bf0fd24b4c0aa28942c4d092f84c9a20e95f383dfafc03cc5c77fad8aef8b89733f75a63ec7de0bd27f2956d20e6a6039733f4aa42bae10536
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJeFrxFrTPG0PGN:9QWpze+eJfFpsJOfFpsJ0rDrTPxPW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4424) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ja.pak.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe

C:\Users\Admin\AppData\Local\Temp\2ad2c2ad4abee901df8ec84e35cd43b0N.exe
"C:\Users\Admin\AppData\Local\Temp\2ad2c2ad4abee901df8ec84e35cd43b0N.exe"
1⤵
- Drops file in Program Files directory
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
72KB

MD5
e4a71d99461a1ed956fe9a14eb3b4761

SHA1
a696d3ab885849933d97aa7aa3ec0b8380a851c8

SHA256
99e826b50ef3d21ae8e70910b122140480c722e25dcfa5d436a1be54ffd7dd7d

SHA512
b1a9426515c4b80578f32ef697e7f13d4b8b05ba2a79c2cfc83eb03e8a8fc68bec19da5ccec12ab691d57fb8df7108727b68191b5f5d7f2031f01ad60abeb57a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
170KB

MD5
092f915170251c1c52b1de5b017a6f83

SHA1
0cfbee69b5d6478a9e3854cc36e899bd68e8ff8a

SHA256
65cc2cd031447310a75c641cf4a804669512a1b429e4d5a442c33cf2bfdb5850

SHA512
8b0adc05d83f80530436948d7d185f793629b6d5fec9c9011bb3f2b1ad054930dcb5a015acaed983866553a38f0e17a978c1ed5cff8e02bf5b3631fbc854997c

Download Submit
memory/748-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/748-1796-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads