1fa7e00b88246b6fd6531684a31cd31d064dc5207df1d8a1d2cab9f3c906aecc

Analysis

max time kernel
119s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74bf43fa51f9afd3895bd9c750d677b0N.exe
Size

93KB
MD5

74bf43fa51f9afd3895bd9c750d677b0
SHA1

d9c0a38ba0a132e981bafdf8551191fda8fcd49d
SHA256

1fa7e00b88246b6fd6531684a31cd31d064dc5207df1d8a1d2cab9f3c906aecc
SHA512

df72f051de41a85902ddbca59504ce092429a0683315c2f2097db9ebd9943f7b1ff76ebea1ab4a7fdf34024c766e4a3c397a9c4530d3a85cdb970df9acd42951
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJ/:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfF+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4615) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\MEIPreload\preloaded_data.pb.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_100_percent.pak.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	74bf43fa51f9afd3895bd9c750d677b0N.exe

C:\Users\Admin\AppData\Local\Temp\74bf43fa51f9afd3895bd9c750d677b0N.exe
"C:\Users\Admin\AppData\Local\Temp\74bf43fa51f9afd3895bd9c750d677b0N.exe"
1⤵
- Drops file in Program Files directory
PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
93KB

MD5
969a0e4c0a7fd45cc2247b57ca5f262b

SHA1
44ceb8d90affa40fe490cee74e3cf12c3773d079

SHA256
3506ffc20958e26d1212388adb9187f688a7a2545a1d4e31e433adce6f1f6464

SHA512
7ff6bac255f892395b58ac0a8087eaa1bb4d6790ad6dcf5d7173e5e43f08ee6cf642d0073017a9d3ec25328078a209435ec28147c293ba6859481945cc131000

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
192KB

MD5
c1efef415176c1f96441099609395353

SHA1
5518be3d9dc301075456303eeb651f0604324451

SHA256
4810fbadd97ed90f4b6f2e0eb149e29de7b14611c9c0f1b42cc8349314ad02d4

SHA512
b272c7456494a22e382bcb0075c4c604cb36ba264c2a0d5d58a04374ca7747fd642d082166f0b00aa88f1bbfef527001a685f77ed3a01642e7b620acb062ddf9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads