4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 21:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
Size

87KB
MD5

03969b33159b987b2e1024dce894d062
SHA1

4802e1707e86202fb7a7f437ec97bb74e894b2fa
SHA256

4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83
SHA512

9db4b538a51768fe4f9c14f7ae03eb03e351b774497cb37a02819797504f18200c0d5d00ded5582d1028e9ef27d8e43857da6c935ceb003ee4355085be71d4f3
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhyEXBwzEXBwHUw:W7ZDpApYbWjIoPyPoLzV7c6ShRBc7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4865) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ar.pak.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sl.pak.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe

C:\Users\Admin\AppData\Local\Temp\4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe
"C:\Users\Admin\AppData\Local\Temp\4a6139dc62085ac0e220cca4b6eba10792b9b73cc52984c6afbcaab621f97e83.exe"
1⤵
- Drops file in Program Files directory
PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
88KB

MD5
89c80499ebc2a78f9e83fae96382bd4d

SHA1
fc7217dd5e13a64032868343d242b61756ee0f50

SHA256
b837ffd6495d9c74be2fa1f9191e80a38be6c8a2ab31e3bbf6f163a6ce724922

SHA512
63fc9483b8224f0add2716f86ea2207668d026b4aed9ca359b82228951ebc7339af954693daf0f91dded2b5d1185e4c3eb4e286411e6c3c6ec1ed603e805f234

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
186KB

MD5
eb8ba7c4f51e83f912a54c0b9c6382a3

SHA1
6ea8146c54d0d14b3f0ff8c2778f70c3a3509b69

SHA256
7b2838fc4fb9d6262476628864f6c1d593e66a10d2e809fa0a514dfabeb8d7e4

SHA512
b61d67e7293a1525c4ca25f4f9d4c04be1f1f6d76fca0897049768448a4cbca6ca8d59a5a781faf2d99b25082b25d574f1b890df615910eecc777b36a86688f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads