955a552821389bb9f1e30e53eaf488f77478d2c28f61531b984e2449dcb55ad6

Analysis

max time kernel
120s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4aa8ccfb780be749d51f76e832bfcf40N.exe
Size

65KB
MD5

4aa8ccfb780be749d51f76e832bfcf40
SHA1

47a753d1ae0f4229b1e337ba72bae92914201081
SHA256

955a552821389bb9f1e30e53eaf488f77478d2c28f61531b984e2449dcb55ad6
SHA512

40539960fa6d70c2acba781f8d74a599e6610e7a7741603656920b2e35ab107d5b3ffc9c68f0f2b812c6d24efd2f0060b7a83fc37258d4a88fa6d88d75361249
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEV:/7ZQpApze+eJfFpsJOfFpsJ5DX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4654) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-BR.pak.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\zh-TW.pak.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe

C:\Users\Admin\AppData\Local\Temp\4aa8ccfb780be749d51f76e832bfcf40N.exe
"C:\Users\Admin\AppData\Local\Temp\4aa8ccfb780be749d51f76e832bfcf40N.exe"
1⤵
- Drops file in Program Files directory
PID:4988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
66KB

MD5
61ef82e50216a77e372645a9c3e8ce6e

SHA1
acfad258dd70883a964b3bd782b42c870f74501c

SHA256
55091bc9617d0fb451d1744eed12f593a7ea26439a4c6ae28ec54938a2ddafa3

SHA512
a38bc70e2edd05cc656b4fea1255b0cba979189c5691ef3f330aaa693c98d81bda1925147786fe9c3e72073af92c4c297b8537ea87ed77627ebe18d3078255af

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
164KB

MD5
d716e61b111b4142774784c18c632b34

SHA1
942f42c4fc5b3c49ffa14782f146a938ba83d13f

SHA256
459b51f97987f1a5b63dd7c112c922e81a65311fb138416331c0042c836a2b74

SHA512
97c1373962672c70e9085c0ba9359677c84fa4c2a51205d3f082bd6df53344bf04d960ac1d11ae949e03e1597b2f4fdf26c4ef734ec840838fb9631c6d82625b

Download Submit
memory/4988-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4988-1958-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads