dee88ce6fb280781287bd189630a1b7fc3e01ecaf19d648938d0dbd12044382e

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ca24dc0cde4be96c24a3a5018568bf0N.exe
Size

60KB
MD5

6ca24dc0cde4be96c24a3a5018568bf0
SHA1

be1ed9e2f4f7f33d8207eb63075f92a824c3e8c4
SHA256

dee88ce6fb280781287bd189630a1b7fc3e01ecaf19d648938d0dbd12044382e
SHA512

c6c0c822ec863a3a9dec43bd81db7c82574749b238f5fc73fb995c86d7981ad6c3e5fadfa4a99ba71f6a6ceb6c63ace05ca87128884df61cf828e4a4b52f4bbd
SSDEEP

1536:W7ZppApwEwnmJARJAaXxXNJdkCKPuJdkCKPU:6pWpUnDXxX7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4642) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	6ca24dc0cde4be96c24a3a5018568bf0N.exe

C:\Users\Admin\AppData\Local\Temp\6ca24dc0cde4be96c24a3a5018568bf0N.exe
"C:\Users\Admin\AppData\Local\Temp\6ca24dc0cde4be96c24a3a5018568bf0N.exe"
1⤵
- Drops file in Program Files directory
PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
60KB

MD5
c86214e1ef11f96005694a3b1b295168

SHA1
d32f4ac2ac1abd0e41bfb127eb07c6d3a0f34a6d

SHA256
16aea2f89288a3b4b5a7f878f8252ad49d732f2ee110ae2f1c1afbbc8a10ea20

SHA512
36e5d3cbe75d0fca469cbca23a73a420abaa69983d5795fbf85d211b63eab5848e6a0c01d37c9f8ed3782b39e2fbbc4917b30973c1269885944f0d51769bd5fb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
159KB

MD5
bd3dea17614e5b5ceaa90c133662f175

SHA1
c564a0910ba8d25c1841df65188cd44adf43c618

SHA256
55b957849b8f726d056d90cdfb72495fc3a3653c040012cc5e4cdb3eec8c0ba3

SHA512
c00a2b8a96a46cfb8557ce500e1621d005e89fd5c8c98841abd3c8a3ae4542023cb4c8f6175a7e3fc0c393bb12a7f6c0c887b9c4f795a9d56b8938bc5254339f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads