30e02c684c7ca4d684b0df90f9c6d398bfc00a82dd0d759b075ab6bd3794ed72

Analysis

max time kernel
119s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9ab61a717be18e48270ec7a0c081330N.exe
Size

56KB
MD5

f9ab61a717be18e48270ec7a0c081330
SHA1

a1ce9ef38ea89b5c71e0001092602cd105e62ed9
SHA256

30e02c684c7ca4d684b0df90f9c6d398bfc00a82dd0d759b075ab6bd3794ed72
SHA512

937b5145bb2023a6b2aaed7f29a117ed2247d99b50113a3e89ebb61286b2b7e21b8da8e77526cbfb06658ee7891b1ab4b27cffa4e985862144249629abf918aa
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrRYKYU4Qfxd4QfxcYDTcYDTe:W7BlpppARFbhWJq53fxRfxG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4674) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfxmedia.dll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	f9ab61a717be18e48270ec7a0c081330N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	f9ab61a717be18e48270ec7a0c081330N.exe

C:\Users\Admin\AppData\Local\Temp\f9ab61a717be18e48270ec7a0c081330N.exe
"C:\Users\Admin\AppData\Local\Temp\f9ab61a717be18e48270ec7a0c081330N.exe"
1⤵
- Drops file in Program Files directory
PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
56KB

MD5
dd68bcce2a032106bb31647b8fba2827

SHA1
3a80c80bc509e80ac963e372a551dd39d424eeb0

SHA256
6ba006222c97a8aa3f7a94b95170f276a2172b09bf1c8ad278f03b432e234478

SHA512
8ce71cdc04f219bdf30cb45db0d01e234cf1b391a7479cf12a7bf36bbaa5e4b5ef516a852889000ede0d0b2924fa49f77acf54a4d269689a69aedec2499bdb90

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
f1c555ee19a8c8d34938b449acaa83c9

SHA1
c7f6cbd2078afbef55c6145afe649eb475b5dffb

SHA256
f44e4eff625ce8c98ee58776e3ab14ce2a02b6daf684685c41eec0ae7170320c

SHA512
42c1626e2c7acc7ba2a3ea1a6eeaca74b553da1e40cca1f01660b5078a3f4c74167011bd7c58812964ed4bd17dc7ad5302c880f93f0a0a21761eb373cbd93bfb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads