712fc30757b9b432fb964fb0a55950da1aecb4b9c2d1a3539f2a5ed52af970fc

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

926259f15dfced320a1117cb12291a50N.exe
Size

91KB
MD5

926259f15dfced320a1117cb12291a50
SHA1

667c27d0bab20c8e3fa0f2920ccd13503735f74e
SHA256

712fc30757b9b432fb964fb0a55950da1aecb4b9c2d1a3539f2a5ed52af970fc
SHA512

abae70638994442f3d60f83530aa211a78ee6f87b99ba0ba14be2b2869113cfbb8616678dd9e8de722add98e242a77be51593a10e1cd3536f1384ef8516df5a5
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJF:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4369) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\id.pak.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\uk.pak.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	926259f15dfced320a1117cb12291a50N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	926259f15dfced320a1117cb12291a50N.exe

C:\Users\Admin\AppData\Local\Temp\926259f15dfced320a1117cb12291a50N.exe
"C:\Users\Admin\AppData\Local\Temp\926259f15dfced320a1117cb12291a50N.exe"
1⤵
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
91KB

MD5
c87a8bad8a644612a84b7a001389202c

SHA1
04861e74709a355270a7c4016e370372b52639cc

SHA256
7d24d18b893b3d633db8bfe90a5c55fcebffc9640a0414b08a9b3a4efd993e0a

SHA512
1b2e7b5b58d9222ff66b720dfa4be8821b8e7770ae27ab60db4b782549ab0e50df7f4e13863f41d773bdf43591a9e93b42669454be5b441e25176f58a4905254

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
c77382c1870f78289879f399b612f397

SHA1
a1463a624d58bf991ce3b869f4cb68c9663dad90

SHA256
a08f0122ad13bb7c974daacff73f027ef081b88ca0c9e61b853495b282021d6a

SHA512
78fb0415a100b275575853063d9c4563216aed4b9220b237247f64da366ee325f3eb867f653359ba24b02f2c4e5963831741fc6dcdd2c9e3dacfc6ffb5bc32f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads