b11187b7d1321ecf2c887b46c7fccd0db9220913abc08d36d370520b869f2e17

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0fa482e4d28f4594ae128d12210568b0N.exe
Size

293KB
MD5

0fa482e4d28f4594ae128d12210568b0
SHA1

5ce92aa41a94be3134c8256e9fc00727171daac7
SHA256

b11187b7d1321ecf2c887b46c7fccd0db9220913abc08d36d370520b869f2e17
SHA512

b85b13a6d6b6b1077ca49e4d255abdc854dededaa788282f7929e666d96b33406d9a81265f73aaa1b012a476bd2db1bc898e4423b5e383f549b5393226cbde00
SSDEEP

1536:W7ZhA7pApaX0aX09rDVMFDwU5LenTpnDr5LenTpnDRSfuYa3bztYtzZrZotYtz1s:6e7WpGlCK1I1s

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3734) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\default_apps\external_extensions.json.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fil.pak.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoDev.png.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\th.pak.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	0fa482e4d28f4594ae128d12210568b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	0fa482e4d28f4594ae128d12210568b0N.exe

C:\Users\Admin\AppData\Local\Temp\0fa482e4d28f4594ae128d12210568b0N.exe
"C:\Users\Admin\AppData\Local\Temp\0fa482e4d28f4594ae128d12210568b0N.exe"
1⤵
- Drops file in Program Files directory
PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
293KB

MD5
276cf387b2700fd396b3b2d1d05c6ef5

SHA1
d9e030a7b361d1352d050f7424743e0b5a157aa2

SHA256
b2d40a59d9717d1ac4d525feb6442e8b27f02038bbc28b42c5f1c45a89c8783f

SHA512
e032a21262f5159923600b27da5cb23b79314d5b857e5efab772111715e7a9e2395c693256bf29a83ce91ea6f91f6d9efff13b350c4f73a2830ff855b3f57840

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
392KB

MD5
ee50f182985503c17cdcb857cfee5a92

SHA1
498033300f49f650d1e3f33d88478807b90e8dfe

SHA256
5d42dbcb092393c56f8c7640e565bd88ac039d6763565c011e223fbbbddeca1c

SHA512
ef2d3bf3b650f886e6c27f8f8d7a224598377a0fb9699462531340ec5c7e2cc3543c797302c4714936ebbe7614bbc7570eb680b36efae64b994cb340b7e12874

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads