9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
Size

43KB
MD5

b9e3543abfa1f556120c0535b0b10051
SHA1

efe49b5d1594e0fdc8929569f3fe3db552d9e130
SHA256

9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e
SHA512

8a01d32cda9cedd03ca44daa4f4bf3f881b0f7d76f27e020f7273cbbfdeea313b4628077413da12dee710cac83b021be8908640e18a99f56aa5427888ebd7850
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwNqikTqikB:W7ZppApyqikTqikB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5111) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\ApproveCompress.zip.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe

C:\Users\Admin\AppData\Local\Temp\9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe
"C:\Users\Admin\AppData\Local\Temp\9b8a575aec5a610f3a604fb3a073ed2cba0e2037d1286e1630b6045eb62a257e.exe"
1⤵
- Drops file in Program Files directory
PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
43KB

MD5
b2a7a3a75cf3b94b0c0d3f7231755f31

SHA1
a3d02bb28f6c64d309a327035f0141bca4916419

SHA256
dbb6cd5a58fea36914f4ef3a14e4e279d9fcefebd372bd67f6d9061613c3316a

SHA512
dfc347a89bc6b44b5775aa1cb5ff7ff253d531f32bdc5354ba309a0a0562d628c2b356eb4f4b436f92b8dc7ebe7837acefa52f50dc7f89d7daf0c01f53a86e6b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
30f7350e9de929c15c1d0bb043847171

SHA1
d2c75291cf988cda3ef369cbbc20859856ce399f

SHA256
232056a64031dc46f030b6b962a378c2e1b89b63be513ebbb6a6720523981fbe

SHA512
03710fc57fab89aa7e4b4dd685a9f67b3927c1cb924f252c0db7c8f41244e051639899c08224b39c7db9fcc2fbadf722776a51e26d1547db791938ca8df7844b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads