3d677c417ff8c15a41f3e0a9d4f407bc5497d452ba8d88ee76f161829fdc119d

Analysis

max time kernel
120s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3154e8617068646668ddacd786d8360N.exe
Size

66KB
MD5

b3154e8617068646668ddacd786d8360
SHA1

fd583d1445d83dcc8cf7b9150ba0d2d074469dd0
SHA256

3d677c417ff8c15a41f3e0a9d4f407bc5497d452ba8d88ee76f161829fdc119d
SHA512

e456782c39d82ca86aa0e76a3f85a0ade651e3b7c4503f7034294804ae572c0b136978269f1193da97c795455e94716e294daa6a5b661177e554c859be251f8a
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvr:6NLWpCZIzjwHwp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4281) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ca.pak.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	b3154e8617068646668ddacd786d8360N.exe

C:\Users\Admin\AppData\Local\Temp\b3154e8617068646668ddacd786d8360N.exe
"C:\Users\Admin\AppData\Local\Temp\b3154e8617068646668ddacd786d8360N.exe"
1⤵
- Drops file in Program Files directory
PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

Filesize
67KB

MD5
6c7b6f4131bd2db06ac270af306b688b

SHA1
6a9e3b472209e26aa8f04226b1d21dd1a268b476

SHA256
92e73e878f13457c8b46e5ef40d94ac678367c1fd3772a811f0aafacc611a8ab

SHA512
32d5f93998a75f061efb91e02d9722b83ffb5449334195afd0c3a504798d6a08dc8c990cfc3d91d0bf27b51d89c5105a41e56a3102a9e448b091711cb8441ce0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
166KB

MD5
a7990f05a016bf93d395e38002520ef7

SHA1
2b88343e3418baeaad0bb5eb272e7b4734ee6f90

SHA256
cf9430129a90492160084f81adfe827820a82f79652bcb258461b00b0a2a3fdb

SHA512
2eedd573134fa37752765bc261748bec8e6704252fab3516d0da75f22c2fce0426f5d864fe594c79409c76376ff0297ce3f15d51564a0c7b91c9186a36fd1267

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads