8964ceed4629e28b3ec7a0d1e442893e9fa974080c305b749c6123df344fc5e7

Analysis

max time kernel
120s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afddb2ce901625767994ff3567df2fb0N.exe
Size

96KB
MD5

afddb2ce901625767994ff3567df2fb0
SHA1

c92bd79c42ab8ea1f86ec0a89af3b78a80bb9f48
SHA256

8964ceed4629e28b3ec7a0d1e442893e9fa974080c305b749c6123df344fc5e7
SHA512

8716e5e09a0b5f38aa9dbf922c53c40d4e8daaf7405222dc0675e8e366b737570114abe9be5e90b5539255dcb8786d3051467f95f0427fe5f93cb1b2d15639e7
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB9:PqFF2Ie+eFa0W

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7z.sfx.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\ApproveRepair.zip.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ca.pak.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	afddb2ce901625767994ff3567df2fb0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	afddb2ce901625767994ff3567df2fb0N.exe

C:\Users\Admin\AppData\Local\Temp\afddb2ce901625767994ff3567df2fb0N.exe
"C:\Users\Admin\AppData\Local\Temp\afddb2ce901625767994ff3567df2fb0N.exe"
1⤵
- Drops file in Program Files directory
PID:3168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
96KB

MD5
da2a257097ea61092efae65722312edd

SHA1
596ea8c2dfdd31c448e4300f0170bd2e2b5a7ddb

SHA256
15406cacaee20c4d4d367c48ec153e8bc040a2eb7e9b1466f85115cdebec22af

SHA512
f6f1cc3a25c108379d8bd3abfdbf0ccdbe4ea0a85e6a80d2bd0a99b15ac1ccc91a9f4939f04a8492dc7b61d47961f646f01d6b67ef84149c070c0b9d82849750

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
f20fa7db3253c29bf9e1bc1daaef1e9e

SHA1
cd7d9b49621f91a407bfbb391be2e7b8ff99f044

SHA256
850e5ffb266e2787f0e5567c03403d701e2c1f6935e5d7d8609dc3097e1ea287

SHA512
000dffaa298258a2626380ee24041aea52f1cc10ad1e0f2b6741ba1644683d011e61795e6ff34cd8189d3eddf62a2828efc152e074ccdb9d3c93a5b828dd1952

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads