fddfbab9b6fad041744f777f76fdc99f7c3f1c88b4b31cfd36cc14af45fb77ff

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
Size

44KB
MD5

3fa1cc8be4d9c7a5f6c6b43b26d67a10
SHA1

a4c19029352655fbddddfafc5be8d118d4606d5e
SHA256

fddfbab9b6fad041744f777f76fdc99f7c3f1c88b4b31cfd36cc14af45fb77ff
SHA512

49b1633305064c745e2e01e489354722a8efc83db91ae47d737ed51b856eeec31af14359ec850a485013f8854403f99d84d1a2b5623c88b6306df539d5c9b052
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg++PJHJzIWD+6/huEQhuEzFAo5fOiJu6OiJfo5fOiJu:W7ZhA7pApH1++PJHJX18EQ8EPePed

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4324) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-PT.pak.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoDev.png.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe

C:\Users\Admin\AppData\Local\Temp\3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
"C:\Users\Admin\AppData\Local\Temp\3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe"
1⤵
- Drops file in Program Files directory
PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
44KB

MD5
4448ad5b62cb92ab268a56709e41696c

SHA1
d6736b8a9818895dcfafab55416a19c228790b20

SHA256
8711e1792033509483373a614caac8cf4860e46f2aca325fce51fc707ba77a64

SHA512
58a0d041570725abd112a9226b85c69be2186c8429f5244202935dce362a33c56367c13ccaa0dd106619e8cb3b3019e8335d7db216ea7f600f68b95fa54a794d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
143KB

MD5
70111ae90f5ce2f49dac78616feca795

SHA1
c095fb14903d8f14dc251593d9401020164bce54

SHA256
2710842882b0ae52d2b3b9928a36b6b7d1347b7f33869b5b61d1d0365c819142

SHA512
de5ea29de838238bc49995cded3ca177a68aa0e82f8c87e62953165c1664a46dc627d64e66e83832171f498dd03a1a456a128b634094b070b9a9fd0585a4d68c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads