7aa2a80f4730496e1cc91a4aca78e81dca269246c56afa38b49a25a9fb9c4816

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ea05cc3ce6c09c490f377152ed2d530N.exe
Size

98KB
MD5

1ea05cc3ce6c09c490f377152ed2d530
SHA1

ae465ae517a390600c273b46da245e0083fbf1fe
SHA256

7aa2a80f4730496e1cc91a4aca78e81dca269246c56afa38b49a25a9fb9c4816
SHA512

65d9892dd65440708491cfcf87cae1a7356f03df4522e4942e72c8ed49d5a19fe68b482e91fd645b4d397c4fa26648a4bd305a23788a0457bbcc7d60f4a58dc3
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXaR:RqKvb0CYJ973e+eKZ0VQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4167) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\libGLESv2.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	1ea05cc3ce6c09c490f377152ed2d530N.exe

C:\Users\Admin\AppData\Local\Temp\1ea05cc3ce6c09c490f377152ed2d530N.exe
"C:\Users\Admin\AppData\Local\Temp\1ea05cc3ce6c09c490f377152ed2d530N.exe"
1⤵
- Drops file in Program Files directory
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
99KB

MD5
12414cf23c61def14a886bec8027bd29

SHA1
d6b94dbf9e3fb97350b749fff7b6163e29db9cc7

SHA256
e28c66be42532da906902f1bc650339c3cc3410f617384116987ea9895652df5

SHA512
e36aee66389368ba8a201722c8fd87fa56244bbe14dc7eae4810911ee6d157e6ccbb106793e695eb8387a9e8e0a789c8fb32102cea4a8986d1baa88ff099e771

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
c598f62478f2bafec9259f7c38c1807d

SHA1
56df956c1eab4677d19696342ae025a9c3e34f47

SHA256
1785b7464a5ac1cab7227b730de058616b44473407c9e377ed3490797473d164

SHA512
49faa92c91056ab7379ca93ec0e3e2044eaca2592e8aa1f7bb875b3af9065e3f1d3f3084b218d3c4e67cfe5eb154b516c8c41930c18cfcb3fba2915254ee0f4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads