19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
Size

284KB
MD5

0c795a05946d77c3b39d2c9f15c6a1e8
SHA1

d4718a7d898c50e5ecef544e00350055a99b8768
SHA256

19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c
SHA512

ed43af6b569b6fbbddddc3f6b6677d4a7cecaa6f25f3a8aec4aa23b676c9383975f30247d2121c312b2ef38925ef64f366c5c54d620d89b33756d00158689930
SSDEEP

1536:W7ZhA7pApaX0aX09rDVMFDwU5LenTpnDr5LenTpnDRSfubQa1Q5IkKZKZpfydCkE:6e7WpGlCKP1Q5IkKkD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3714) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe

C:\Users\Admin\AppData\Local\Temp\19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe
"C:\Users\Admin\AppData\Local\Temp\19486b44fe6c2fc0ae2540491d3033563f43aabb2919896586bfde6a154c337c.exe"
1⤵
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp

Filesize
284KB

MD5
7650674d581ffd2c620bf4f4bbf29cac

SHA1
8f9910d42c80dd143f3ee61d757eea45b154cce7

SHA256
19477e2193c4d776398beffea58c5744a78691cc915e70ddeadc2a975be93302

SHA512
e1927785d318f256f5451171dfa6376e7a8ccdc368a48d6442ae100c78b034c9da5783e0c79884bcf756de4d5d54d232b212c77d110a000f296d0d8f4fcf86b8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
383KB

MD5
0525ecaaa28a6595c5f0bc647893846b

SHA1
81a917083ac06cc8c3b348022482327dd29ffcc6

SHA256
b986bcaa0518bcdd00286f12ec1364be78cc19b7f593fa1c5af808d199618747

SHA512
cecacc442269111f01daf3e4c576c1d3e3e52ccfbcdb1a4a7a43f8a16c1037959c01b0300b07a1062466915cb817ec06be01c7b09374806d7129a6f645a5b9a4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads