22a8190c88314b7e7ff3f7c8b5d301458975541ba0bdb33552573577d623fa73

Analysis

max time kernel
120s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 20:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

040941329aca8fb5f22436f5f5915450N.exe
Size

55KB
MD5

040941329aca8fb5f22436f5f5915450
SHA1

e5e3ba6c9ea020a0a2e380402782b5dcec7611b4
SHA256

22a8190c88314b7e7ff3f7c8b5d301458975541ba0bdb33552573577d623fa73
SHA512

1147d61eb5fc0a7acbfe3160879e4a621e9f59726f1031e85299826b6ac12ad8ca59b5d2ccec973f94ad572c5318c1062e23dc8de373220fb9e93a9b3fdd5e83
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDM:/7ZQpApze+eJfFpsJOfFpsJ5DM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4525) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\AppXManifest.xml.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\ImportUninstall.au3.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ca.pak.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	040941329aca8fb5f22436f5f5915450N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp	040941329aca8fb5f22436f5f5915450N.exe

C:\Users\Admin\AppData\Local\Temp\040941329aca8fb5f22436f5f5915450N.exe
"C:\Users\Admin\AppData\Local\Temp\040941329aca8fb5f22436f5f5915450N.exe"
1⤵
- Drops file in Program Files directory
PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
56KB

MD5
8cef80916333365370da07bceeba6b2a

SHA1
a1e088b339825d3b85dac50b58e88a5482f1d0c6

SHA256
76c362d0098320acd96c5749a3ae2dccd0af294941bb104ec0972b62c0ed3bb7

SHA512
ee01e3646d84c66af985ad41e3d2100d4275c5c96cb92b8c466241e02644776503f7781fcbc7cb74fb98687354762ee6a2d4403cc064e9ba74f7e9cc11da0e0b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
154KB

MD5
688850567b67035b236398f23e47af01

SHA1
3c7cf7b0645a2bab413c6d30e72674cdaf2b096c

SHA256
6016e56b9cb09e560b4c89cd7793c8d2d9b27fd2b39750d3e2e5e1eff6780212

SHA512
daeaad714e712450e0dc321765e6ffe5daff5767a40065c7e44a1c198b2f9d7650fb3afafea7792a9205ac1462334a9f89916a1358d4728df803a7c40f5e5024

Download Submit
memory/3528-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3528-1800-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads