6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
Size

72KB
MD5

9d183c314f13d9f9891e9dd3a8d5b752
SHA1

6e8b88a09ebbece0bba4c69e8cfd4b1ca23f7f18
SHA256

6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827
SHA512

2e9ef509535ea22ed5f9d0c18f3c8420f55646eb6d8cc79e271a6206f6cfc2e089cad6076919c31f6420f8803de28d83c4389ce90d1ceece41d2d1534d4a682a
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5GT6Sr:6+WpDfmRfmh2Tl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\vk_swiftshader_icd.json.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoCanary.png.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe

C:\Users\Admin\AppData\Local\Temp\6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe
"C:\Users\Admin\AppData\Local\Temp\6c97da7bf8ca5f7944a6e4dcf8d97ae783fd6df2dbdd594856df958e62e3b827.exe"
1⤵
- Drops file in Program Files directory
PID:3964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp

Filesize
73KB

MD5
4ebc7aff354fa534a6443dad9fbbd887

SHA1
3ee135cd5ec663e55672a1102d93a676e44c6f48

SHA256
51fac97ca1765b156f21854041b68c9e8173457cc5477f0665c71b97dcd08eae

SHA512
ea584516e83ecafa4df4e619431f5ebcb8f91556c42fc84085014a408f5131d35523772b8bf19d87031f4ecf731c420a1431438568544f67adcca9cbed9527a7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
d4a918f353f5ee808a7563e98ec13e92

SHA1
0ca5eac4761e29ad80cae73ba64956c3451872b9

SHA256
58a36650fbca7947d399b2f6472dfc3930d46debe195654c165b9fd219f76995

SHA512
481ccd4325fa8a39375f5526476fe73f5632c2742cd0e75e6c68ab5668a67a86d969b0322de2c7298d43169ad9a3dd58942794baede8b0d55b939826ece09f5f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads