7556fbf3bb4dae0367da9c081900592d8d205b340218c113a616915d1588f005

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdd7bc6c99862737259fef809bf580a0N.exe
Size

47KB
MD5

fdd7bc6c99862737259fef809bf580a0
SHA1

c0fbe51846fd60df7389df3ff56afa35bcab067f
SHA256

7556fbf3bb4dae0367da9c081900592d8d205b340218c113a616915d1588f005
SHA512

1972715bdb21aef948aa2309154e61adaa4b1850a80aee797a0585e268b8f66dbdb6d51b6fc8e94da852ba66131c398d00278c838a1714a49bf53aa4b67b6aac
SSDEEP

768:W7BlpppARFbhShZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNk+AhZ/D5zf6ydyf+aM:W7ZppApcZ/D5zf6ydyf+abMkF24kzK3Q

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4632) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Crashpad\metadata.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp	fdd7bc6c99862737259fef809bf580a0N.exe

C:\Users\Admin\AppData\Local\Temp\fdd7bc6c99862737259fef809bf580a0N.exe
"C:\Users\Admin\AppData\Local\Temp\fdd7bc6c99862737259fef809bf580a0N.exe"
1⤵
- Drops file in Program Files directory
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
47KB

MD5
2fdd82278e4d14641ef9c96ef68720bc

SHA1
3ac48664ec7fde927ac75db5078b18f0f52fa65c

SHA256
e73dd974f71072ab304ae9f86707e5d68908088f7bfe4b56365e10e024c40e8c

SHA512
5bad4dcaac62bf485325e44791a9b589497430113f4c09f4329ae50cf138266ee1ea401f39d8db71e226f0b21f9a8dc46151b24215fba5de3295c7c921c7b58f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
b31e9ed9374ea0f6ad31c1a42f75d079

SHA1
e33b654b6dadcc5c2a317eccb0137a4d7025829c

SHA256
1d3398ba571c4ae4227f4b97e093956411776414ec237e47203a1907c3c0e322

SHA512
f29d1099c40cf23e34fee0006d5c36d5fe0c434fe15fd29259a89fe0727b7aa3a76ad38c7fc6fd5b2646e22a36545204f5b2bb0b36620a467f58c54688dce0d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads