ca53741bd600de82b43c70ae07a646bb3709f9542893c19f76a9dc149eff44de

Analysis

max time kernel
120s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d2e6f193e53344b17cc7a90dd18b920N.exe
Size

97KB
MD5

3d2e6f193e53344b17cc7a90dd18b920
SHA1

72886d582e4aeba3cab485904eac1c0aba9da96e
SHA256

ca53741bd600de82b43c70ae07a646bb3709f9542893c19f76a9dc149eff44de
SHA512

cec2d8ffd26307a6b02b9e7b9778f5e398c43061a344ded35b7d5365b6d7f4ba4cc87c8693299b8339b316bc735ed8ea9d539687a1d804a178e84715bfe48a47
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBQ:PqFF2Ie+eFa07

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4302) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-PT.pak.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\th.pak.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	3d2e6f193e53344b17cc7a90dd18b920N.exe

C:\Users\Admin\AppData\Local\Temp\3d2e6f193e53344b17cc7a90dd18b920N.exe
"C:\Users\Admin\AppData\Local\Temp\3d2e6f193e53344b17cc7a90dd18b920N.exe"
1⤵
- Drops file in Program Files directory
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
97KB

MD5
57a180b147f063a8ac660cafa094a5bb

SHA1
f7d730c81db711371a71942a2af519e79aaea819

SHA256
f932b191376c33157a4dd21435166a31ece410a447b8b4a58d9c3ce1b264edd5

SHA512
0f4d6cde546bbae2dc148cf29de4bf4b3613848a8ba9166d1e4bd95187435a7352b8dfbc40883f5e2db4bc000a0b918ccffca6f2c57b887eabba701177f9b081

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
196KB

MD5
fced06e536f1848236b1e64cc761972e

SHA1
4750214c13bc8aa00ecb2f8c4a226ce6785166d1

SHA256
87c4209b467502c2378aaf9edf3be575cd9d4e88f989090223ce3627d121d2e5

SHA512
512566a41de91eb6ec9afdde009c7089be12677e9d74086ee234c34cc0821bc5629a1a5898f11e822d241cfe443b597d26244655f2d87bf56826b31ad3cb2576

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads