f1f5179963d0b14b2417a5595f4e99279c5572b31ab9f7f5684d71855c0577a5

Analysis

max time kernel
120s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 08:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6c7fe08379234b1103df4bc9d474f460N.exe
Size

37KB
MD5

6c7fe08379234b1103df4bc9d474f460
SHA1

fa7205369941f320bf06a358868e22b2ff7959c4
SHA256

f1f5179963d0b14b2417a5595f4e99279c5572b31ab9f7f5684d71855c0577a5
SHA512

9c5907d47d7645db0555504ff30e6d9c777f9f28df6a037f394c052c5d58f99bc051d95eb37732b4e7a5085c5d74ae34a1a190d0ccd39e9088d66f54870ce38c
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpvNFK:W7ZppApBULcfpHLcfpvDK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4641) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fr.pak.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoCanary.png.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	6c7fe08379234b1103df4bc9d474f460N.exe

C:\Users\Admin\AppData\Local\Temp\6c7fe08379234b1103df4bc9d474f460N.exe
"C:\Users\Admin\AppData\Local\Temp\6c7fe08379234b1103df4bc9d474f460N.exe"
1⤵
- Drops file in Program Files directory
PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
37KB

MD5
ed8e02fcd6380ee87e99980f2bb7c0d5

SHA1
cffe1ba87dfe7795212342e0289cfd6207884411

SHA256
2e9d5e836ba310eb7f4f55691c0596ca4278d80f5fe76d7c2705ffd66660a0ad

SHA512
957cf71cec688e81da2e11a6b017f244dc195bf74b1e9413c8d85579261dc03bad54dd9fbe7ffafb3783fec0f69f3bd414742548bf2ebfc589f3c9859a5ec383

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
136KB

MD5
4f8defd6bdeb7d9e6df8af5199259f13

SHA1
7cb4bb3c6e07166f0b28e811616e1f5d978d8626

SHA256
9b89e13aa6b7339f1cad243f9c706afd877058f33f37a9dafcc0761c2565f9ce

SHA512
c5bfcf283deeab091c5f1434f395eeff6f6a2dad9e72e6eed9caf51af4625fbf383f0ff7c5433bd4d09401e0ff785b76f7f69827251bdd8dcc7acd149e844cc1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads