982bb96c6eaab7ab7316b444075f9901b6b482daa0f90e90b916c91b4b25ad23

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

352cde7007ed4a5eca27b23d0d1a1aa0N.exe
Size

85KB
MD5

352cde7007ed4a5eca27b23d0d1a1aa0
SHA1

504964e86ab8174a88b88d1e1467da6062a705d6
SHA256

982bb96c6eaab7ab7316b444075f9901b6b482daa0f90e90b916c91b4b25ad23
SHA512

a79bcf51f68934553f050eb07468734cb6d445059a9bef78178e8be48d68adea22a06339174444419a5ca04a41595b4ab27b97e5abca0a44300d7beede7b7aa5
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxT4J:6DWpLf7fw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\ImportFormat.dib.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\af.pak.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe

C:\Users\Admin\AppData\Local\Temp\352cde7007ed4a5eca27b23d0d1a1aa0N.exe
"C:\Users\Admin\AppData\Local\Temp\352cde7007ed4a5eca27b23d0d1a1aa0N.exe"
1⤵
- Drops file in Program Files directory
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
86KB

MD5
cd8306c8e93abfe76ba5eff96a1d44a4

SHA1
9cad8939dee10572fa25ed93b958943efaa9cca3

SHA256
757d113e1cb7f05f76c715de52392e516f354ff898c688d9dc532e3f32077079

SHA512
5fd957832d0748e6aae24f462cc25ab2e4bbc0a0ee170f0e5b4051e66dadfd78fd1906637b4634558de8702b289eb499286d726f801367b3653d5019247f8873

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
2ebea4365b04658de562ce85a668a0d9

SHA1
f80f90b2a7fae7de07f62d4a35e4571ff5586476

SHA256
675e14c77127fdfcb33d993a7e17da003c02c6a6eb0529e210649a2f8b0d0bfa

SHA512
8b60a0fae4d5dc19731caf1fdd6d1858841c17652546eac8466300ef3a3af37ea29468605cb59bc520e101ed4f5b027dd09f668200aed8070ee8571b82d1b658

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads