a61e56738068f1f8d41fd24724100ac6987b198f5f3e2906aeef75a78a91c77a

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e2367becc77c8561ccefac42b375610N.exe
Size

100KB
MD5

4e2367becc77c8561ccefac42b375610
SHA1

f130d7a184fc4486e8d9b794048081e8b12170f4
SHA256

a61e56738068f1f8d41fd24724100ac6987b198f5f3e2906aeef75a78a91c77a
SHA512

4e1c096e5f3e4f534c80f31b133819e6deaef3062ffebf2fa694b8f96913eb832f0012fcae67bf0e03df22d10ea790f21a880c45b7d2ae52eb8eef1e030c173d
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7ffvN:RqKvb0CYJ973e+eKZOf7fN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4371) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\es-419.pak.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\CloseGrant.jpg.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	4e2367becc77c8561ccefac42b375610N.exe

C:\Users\Admin\AppData\Local\Temp\4e2367becc77c8561ccefac42b375610N.exe
"C:\Users\Admin\AppData\Local\Temp\4e2367becc77c8561ccefac42b375610N.exe"
1⤵
- Drops file in Program Files directory
PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp

Filesize
101KB

MD5
6b50148b289043f8ba412d89fe6848f7

SHA1
ba648f5d1c4ba958226f5dab1624ac1ab795b350

SHA256
d50b6926f511dca3fbfb4442d2fb8b479a520918c71fc667f99d1a86bfa44882

SHA512
76564542fc979e228312661e796dce24879525d8bf97507d9d2d5d451c2bd0c5bf955553e0512f48485832cd11b2cc500c8bcb3b265405d9434a655c58cbf707

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
199KB

MD5
4f4189a5b7244dd259b90397b15f4a30

SHA1
5d81dda189cfc2c0eac770d0931891516f050b6d

SHA256
6a72259a6026a2af0a610561debdd61f145ac85d38e12802e77f0317354f5941

SHA512
80158b28158fdd82ffbffbea7507e2e85de7d5ec28ad713642771a73fbdf2e6a64238bb72af7c00172b9c49a03b0b6f9f61dcb2b103a41663d9723b55eddb98c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads