40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
Size

47KB
MD5

58884bef64138179c2819b4b136e5454
SHA1

87a9d36a464a0bcca7e17ce28bcfbfe1b34960e4
SHA256

40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853
SHA512

e94dd46dc8fbd687d2d1ae9058422d8f6e7e7e89cedd1b02145d68bd7f20ef24d6fe698b79ba549087fae61d2bd8744279e10f7bc76e1479fbef9e7c413e7e28
SSDEEP

768:W7BlpppARFbhknrAqQ/Q6JYAJYMMF/2Af+3mC+3m/:W7ZppApktshJYAJYDs

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4876) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogo.png.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Resources.pri.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoBeta.png.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_wer.dll.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe

C:\Users\Admin\AppData\Local\Temp\40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe
"C:\Users\Admin\AppData\Local\Temp\40966a3dc7c3235e0ccb181d33e6a1847388adf599dfa440acb2538f598de853.exe"
1⤵
- Drops file in Program Files directory
PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
47KB

MD5
53af9a6e55930b06801a236dc22b140c

SHA1
b78cbfc198dd59da689c285eb5cf141f17d2c95d

SHA256
b3d96cca73212ab2e6d21eb9a7442c9f437c72dd13f1624cd44f6313bb091ceb

SHA512
ae67563d5e994d748b85f94160e498e67feb93aca67c5da1442999c624e41ddd037ee5e16a0464ab3daa8b18a94a3caada030e3e9de248292699eeaf67450749

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
231dbb70eecd030d99728ba91bd96d97

SHA1
0f35752c9ecac00b2cfe79378d5c8c449e085e6b

SHA256
95ab6a88f9cbb8607896ab2c3d6827a5fb1b5a5ec62e6373ec920002d7c3037e

SHA512
58a3e4821c5a03ef43f060cc52c542c8654d90e2f3b4cb2f14b10bcef6ae15e719b73cb7d8b50e8baf08620dcfbfcf06a31af71da9873b45961a0a0565ab3174

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads