136c45902c61aab06d274daaaa987c922455f642896300d618c8f5b5a516144f

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a38852d42d1d17378cbd9a758326ee0N.exe
Size

42KB
MD5

7a38852d42d1d17378cbd9a758326ee0
SHA1

636496974eeab9ede1d7a3551c9f7ae0644924ad
SHA256

136c45902c61aab06d274daaaa987c922455f642896300d618c8f5b5a516144f
SHA512

accf55ca183c42c8f88ab4b8cf3819ef08eaa4d5b26ecf48f13c9077dd86dfb797d2f9d07a421ab8b26d897c1b98c8303063b2e6acccee2ffb0abeb6ed8ed044
SSDEEP

768:W7BlpppARFbhknrAqQ/Q6JYAJYMMF/2An:W7ZppApktshJYAJYDT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4694) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\th.pak.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\vulkan-1.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe

C:\Users\Admin\AppData\Local\Temp\7a38852d42d1d17378cbd9a758326ee0N.exe
"C:\Users\Admin\AppData\Local\Temp\7a38852d42d1d17378cbd9a758326ee0N.exe"
1⤵
- Drops file in Program Files directory
PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
43KB

MD5
0270abf8d0e6fe64683489eea6a503ad

SHA1
fda3f601eb06611bec2a2eea12d81a2fad431ca0

SHA256
e1f88d5e01bc805c956dfc7404a888bd9d6c82af281453a3fbe39e0bf0d7d13f

SHA512
b3fe2f31265252b24cb5e3e4afbe3bd5663bddb6a3a07d0af202f4e70b0bd97edf80ea129c2284de0bf58896012e411ce003c2d9397788ee948d5bf05429b2c2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
a66b2e8ad4247392f061b0bd465a3810

SHA1
a0634774c5c94ff18912a6d414b25be25bf139d4

SHA256
c11051c90f79fc77450e03a568168a1f85ea1fc7598b8acce476ead211940171

SHA512
825ce714b517ef3f1c6baddb03a3728cf83532cef3cff7d3940343508cadb3293bae62f07949d93bb155e5619e23ad5eea8b1574a28f1ef537e704140668c390

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads