08f060aefce7f90c31feb881ba26ec0b031a7825a30b4404fcf09bcc97f062a3

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
Size

269KB
MD5

94ef1e3fd48589e00327c5c3d3d3f8f0
SHA1

c7598f2fa4000cc9df94a6971aacafd77053647b
SHA256

08f060aefce7f90c31feb881ba26ec0b031a7825a30b4404fcf09bcc97f062a3
SHA512

45f8a644b0066fdec81d61c2d64a8b8e5389eea6f13af7bc0618f6eccd9a958971c4b2ad8a6f14d9f17e8d67fd292cea2608a9ef486c6d5351fa222037dd0479
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IQdcbGVzkc5jdchVzsc55:Te76WQSohsUsWU9BK3Qmy1dmh1D3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2776) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\MergePush.temp.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\en-GB.pak.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\AssertMove.MTS.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe

C:\Users\Admin\AppData\Local\Temp\94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
"C:\Users\Admin\AppData\Local\Temp\94ef1e3fd48589e00327c5c3d3d3f8f0N.exe"
1⤵
- Drops file in Program Files directory
PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
269KB

MD5
9d2e32de183a234409a2bb0ec4f44561

SHA1
74aec5cbaa68a9d87ac34839199b7ae69299b411

SHA256
616f4f2899ebd3bd8cc5a1cc2f20c28d71bd35d6b72fc3811a848ad4eeb51717

SHA512
637e76e17064c8f8f7c2f3aac975c5d59a591255696feb58029241864961e0c86f78aa0f09688d975b17c5d9185f9156ea511445248a10a6d450e34b70c86f00

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
368KB

MD5
cda2e8503f9bb87f4c90dca20405dac9

SHA1
3573b61010451e9c74c8566e2c9cbd4fbc005638

SHA256
b4b2b183f71ac8cfb548100986e57cc1cdc08b5e294fdae639032cf89caf2c92

SHA512
d123241849c938b5113fd53b179503f2219fe0a83dbbde973c481c1a40ff687ee2826173200440e83cace1a9ae5df8a5203d8307488817699feba63d2dd4adea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads