23e2c75d7f2d69b0dec81bd3521b3122babe37a334e9402ab4287e9b672ef619

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54b0ec760163a9826918f61508774d70N.exe
Size

98KB
MD5

54b0ec760163a9826918f61508774d70
SHA1

51b4f546f59ad2bf34a678e8d30ab5235f126f2a
SHA256

23e2c75d7f2d69b0dec81bd3521b3122babe37a334e9402ab4287e9b672ef619
SHA512

f6047a622d4f29c91281a9f259b84fe0495d9e3cbe8423678580b124bd340994d1b7c25198a9cba9840a5591a053ba209818084c5fa69aeb4f13143d1e91d564
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSskV:6e7WpP9oVLQthbYY9oVLQthbUvG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4217) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ko.pak.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sv.pak.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_elf.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\lt.pak.tmp	54b0ec760163a9826918f61508774d70N.exe

C:\Users\Admin\AppData\Local\Temp\54b0ec760163a9826918f61508774d70N.exe
"C:\Users\Admin\AppData\Local\Temp\54b0ec760163a9826918f61508774d70N.exe"
1⤵
- Drops file in Program Files directory
PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
98KB

MD5
470aa8507791ac9ee53310c4c4271369

SHA1
812c95be6628da4ed32331f4311e47e14fdd377e

SHA256
23ef84a5b7da3add8e7ed599048aef88741d31769d4b652f13d7334ca028858f

SHA512
2ac1581c98f2fe0aa8ba3426940b427928d175d5f1488fe03f5182c9c2cbb04ed4c3409f35f99b59b23c246096466c4a23c8e4551c645486cc99141eac91ea8b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
197KB

MD5
a3c9afc369fde41ccd70f4c61958df89

SHA1
d5aa0ff60ca595c73d71ba49d68ff1be8cf3323f

SHA256
145e3d7c8951e3cfa9671ae09d5cbe547fe72d6a868e803c46b8479f4f1ba1bb

SHA512
efde5451632453d8ad4d328180bfb3d75d1e670343083a4e55277c6c20155b185b38b6ecd3e5ae2e68f4625dc5149cc0d6d3c3c877c915c5abfeb0ce9b9f4d70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads