5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 21:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
Size

44KB
MD5

e39d72140c17ceb78f857d47cdfcd166
SHA1

131ef0409ce2ec5a7c6c645ec6cade980eafc75a
SHA256

5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9
SHA512

f8fdbd8e0487125ce3e6651e2417b8dbb2b72b06fba015ce6073b344bf7479d35ca1ee28a1ced5405b89006c326d9dd8e1be58b73901360c90c8f696c85ed1ff
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJsSt:W7ZppApkFSt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5025) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\GroupAssert.clr.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe

C:\Users\Admin\AppData\Local\Temp\5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe
"C:\Users\Admin\AppData\Local\Temp\5b2d07ea22b90725e4caca4e776c27cb94219a863e6d1fcffdd4dc29f0f57eb9.exe"
1⤵
- Drops file in Program Files directory
PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
44KB

MD5
e451360619afa4af272a6c5f06d0b329

SHA1
a8792aa2eea0e2a3c0c58ae11cacfc4d52eca736

SHA256
97d9181cefe0aaf9bd8afc8248ceaf3406e401504bced7e5b99f45c7a1b1027a

SHA512
a9f643fb2efd51afaf50f57d2030c781f2d0647354a5698282b2edf126df58ef6feb114395b3c3e45eae6f04b7448445e8436360173a20be360361c517ba0ab8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
143KB

MD5
e57cdb732613833d27ec6ba024a8fa95

SHA1
74b3e35d1cd71a185502c20102e6752a564a3e8d

SHA256
3ed78d77c04201ece40fa3e411c9ee3c7dbd4f487c7e9e8cb7ba6a486b15fbc6

SHA512
ffed32f718749f2e901183ce8f8f1ae19c455f46977cd0d97b4922478717c09c5d52903fe4821254e32d48a7422fa7304e3119f3a690115bac687d594f96b22b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads