77764137aae515acd24ca1b6b59259b32a23c37b032af627a4f53502de4e3546

Analysis

max time kernel
120s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

518ad9540023c360f98f3ea8a811c240N.exe
Size

80KB
MD5

518ad9540023c360f98f3ea8a811c240
SHA1

d5b423b8ba40ef3ecd4b40a1be1aba18651b8a43
SHA256

77764137aae515acd24ca1b6b59259b32a23c37b032af627a4f53502de4e3546
SHA512

fd859f5519ac9eb0c098eadac924a6bef99f2cb84262840c4aa3108d4ab586db32a75950e6bbbbf4df1d283f245f130e34172c70848d3024d61a45dc4deeadf9
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhyEXBwzEXBw9:W7ZDpApYbWjIoPyPoLzV7c6ShQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4632) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\ExportGet.mpeg.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	518ad9540023c360f98f3ea8a811c240N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	518ad9540023c360f98f3ea8a811c240N.exe

C:\Users\Admin\AppData\Local\Temp\518ad9540023c360f98f3ea8a811c240N.exe
"C:\Users\Admin\AppData\Local\Temp\518ad9540023c360f98f3ea8a811c240N.exe"
1⤵
- Drops file in Program Files directory
PID:3428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
80KB

MD5
ab469819fe126800bc6ee293730bf807

SHA1
3811e3322ecfac04b114c3f463c4b3232dd7f68b

SHA256
b97580405e69a123d76c03a5acc62846df615e3a9693f199f9491603d504cc62

SHA512
d1f527bad1ff917b6cc1146072ee11309a564a65b240d66b79877bb8d0e9b7f25e1db280d958efbadba5acd19acb1340acaa6eafab12106c0bf24500dfade8ff

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
33668c0f5df19951276cd0b57038f929

SHA1
50d2d3805fbcc44846eaaf90c48f231dc4b2dfbf

SHA256
bf1e096020d5bcc9b0a05a909330a8cafcf3fcda1af5d1c5442ef4fba8543f72

SHA512
6e1a57558e325a986e0aa880f8229aeda20c7ffae36621f14052c97f4100d8f20bffa917e8e59e4180099c7ec0b55131dc768ee5efdd6df76958c7cb00e31c3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads