8482ac32e29203dfeda7d0c5ca26e8f2bc1bc8c003b225c3e8732c9fdc7e5233

Analysis

max time kernel
119s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

057dccc239a29ca600ceb2d9f6fe8880N.exe
Size

86KB
MD5

057dccc239a29ca600ceb2d9f6fe8880
SHA1

a1ccc29e0ac6c6418398f3f62b05ae1a0e8252b3
SHA256

8482ac32e29203dfeda7d0c5ca26e8f2bc1bc8c003b225c3e8732c9fdc7e5233
SHA512

e4de1fd57859c4075f25399cda23fda0dde2d619bc3b2d3ec3d27d3d6a6ea1daeb0e37699d02a45f0581358197b506f49b1cbb9087410ba004532270f30f7628
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhK:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4075) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoCanary.png.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\desktop.ini.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	057dccc239a29ca600ceb2d9f6fe8880N.exe

C:\Users\Admin\AppData\Local\Temp\057dccc239a29ca600ceb2d9f6fe8880N.exe
"C:\Users\Admin\AppData\Local\Temp\057dccc239a29ca600ceb2d9f6fe8880N.exe"
1⤵
- Drops file in Program Files directory
PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
87KB

MD5
3cb4dc17e26d7f3d4ac12a36bc02e264

SHA1
4076787aa9559a6596a228abef12a0b24f96df34

SHA256
2283bc58871a194a49a9aa447a3db76b4349f9cdd7edc2da333005ed42bec99c

SHA512
b64e1f7e9debd94259af229c50423f87ab0885da99bb51f268487ab0909f6cd88ebd7e8c4e0a5e80b17e14a1ba1da7b635e38f68bd996115e9ead0a8d59c3c9b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
3c9cb09e4bc665a7d14644083112ddea

SHA1
d162f577145ce9a58b66147156dd5abcb3ddf64c

SHA256
16fb092b73d10e363270af418edafd7c4fa0ce47a36fb4ab2cc936d7e716a657

SHA512
844ccbb95c67e11b0644f80e508c3af91dde5ffa738e20edf679eb91df1bd237ce24942dd455f3c1497ab3ffef16e0d9cc87ec3e452c35e450adb79d6a8d0257

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads