044f88f9696a03be1b1227ccbd65366c59050f4adfdea3adedf2d2cd8a7a6cb9

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05c67c737c56498eb4da9b0941ad9e40N.exe
Size

89KB
MD5

05c67c737c56498eb4da9b0941ad9e40
SHA1

e780f520c9e8ad737a01a1f54e979f730f7f6ed4
SHA256

044f88f9696a03be1b1227ccbd65366c59050f4adfdea3adedf2d2cd8a7a6cb9
SHA512

046f8c72c03742d4e80077e8369fcd7a94b4e3a8bcefe10fa4deb6fb14e932ae0b65398d422b6312a85fb3cfe998afd57dc760225c428b60012b7780ee3ce99b
SSDEEP

1536:W7ZhA7pApH178NKsqzot4c4G444444444VkyKAVj84Z:6e7Wpazq0YKAVjb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\bn.pak.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	05c67c737c56498eb4da9b0941ad9e40N.exe

C:\Users\Admin\AppData\Local\Temp\05c67c737c56498eb4da9b0941ad9e40N.exe
"C:\Users\Admin\AppData\Local\Temp\05c67c737c56498eb4da9b0941ad9e40N.exe"
1⤵
- Drops file in Program Files directory
PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
89KB

MD5
aa804178ae6a5b7f7a84697ee9fe43ae

SHA1
16fb61059338b1cb43a081b6faed3f3480ff56e0

SHA256
68585060699c2efea09b733083e3512fbd8732b60ccb79ac8480de4f4d0b1fe3

SHA512
a3a042a0d49f80d122934263171967e04ac94ec84c8af2d906df9985634cd1eb9114c67de9d961774c47b95f546314c40a501f23b694e7ee611adfd98c65c0f5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
8e60c5d59fb727be195aa82ce3438b52

SHA1
325cd3c9d8caef829838ef7c20bd0b2e86cc8ba6

SHA256
126a25ba48f611de3819d0b06494f65637284b6c6183390a8978ec3189b5ef1c

SHA512
a60fd811bb4f37d98d09d0ff35a5eca96ce000378b66568bacfc4e8cf8a7180ad74c4d3d9160ffbf2721da8e06da8c9f206f8b795abd274fba3f326b1d51a6c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads