d6dc93bad0dbb6a767df7092ee0a39010c026a7a939cdc98ef267d3466704607

Analysis

max time kernel
120s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ebedd523dfab739490299f54a0ea010N.exe
Size

44KB
MD5

5ebedd523dfab739490299f54a0ea010
SHA1

1cae87495d393701cff3d13b4b993a6c77d7e7f4
SHA256

d6dc93bad0dbb6a767df7092ee0a39010c026a7a939cdc98ef267d3466704607
SHA512

e2e0681de5d31eb7b8b6e2ee542623cea45b4d2626895ab6f5514826e0cf002c65c975de8810e9a41e949564b137ee83b366a4a982571a1784c13a1942584445
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwNqikTqikW:W7ZppApyqikTqikW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4579) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\desktop.ini.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_sw.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	5ebedd523dfab739490299f54a0ea010N.exe

C:\Users\Admin\AppData\Local\Temp\5ebedd523dfab739490299f54a0ea010N.exe
"C:\Users\Admin\AppData\Local\Temp\5ebedd523dfab739490299f54a0ea010N.exe"
1⤵
- Drops file in Program Files directory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
45KB

MD5
27d8af347416a643d82e1273fc042614

SHA1
6d67429d6389f4e934a30e17f2c3cab3a73c65e6

SHA256
2efe8ed5ce1d78f4705ecb1d7c94d5846891ddb9573ba3e5763dcd092f6af546

SHA512
d0ead49748e9980714f0a6fe32eed1b81947bc047a06bc5a488bcfcb7fd6008390ba496ce2247d85fe2cebb271e1ce03ca4790ff718732db3f211f3faeb9404e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
143KB

MD5
957243730c09449ec31ab63842fbc3cb

SHA1
8dfbb8fc196bc9a84f515589840b045d2faf917a

SHA256
c082cb1cfd2fc02f807199e47b6a70478749e6068ddf4f0c847b26c60e0cb5ab

SHA512
ee62a94c7125bfafdd6a70f8c59c26dc2ba72aeada067e293d571f5ea149dc594cf7c5e0212efa293b8d3ede2b883f9a2c6d7aa8ec589c496a1cfcd5ceef0942

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads