e37d8278c97f5b0df810399a2bcc82b83598180931c15e1323a2eba4074d84f3

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6186fc16c91a534818c28551139718e0N.exe
Size

46KB
MD5

6186fc16c91a534818c28551139718e0
SHA1

0295589c02916e981c9a1dc74eeb2f5b0a5e5d69
SHA256

e37d8278c97f5b0df810399a2bcc82b83598180931c15e1323a2eba4074d84f3
SHA512

d04d1e12766d0c2ba2ea7af6a0bd49213f1efc983a9c43d0908b9d40301d6d92156051cc3c68bf2045a773f4d50e6e93cd2951b647b2fce58c43da8e1600c170
SSDEEP

768:W7BlpppARFbhShZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNk+AhZ/D5zf6ydyf+ag:W7ZppApcZ/D5zf6ydyf+abMkF24kzK3c

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4587) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	6186fc16c91a534818c28551139718e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	6186fc16c91a534818c28551139718e0N.exe

C:\Users\Admin\AppData\Local\Temp\6186fc16c91a534818c28551139718e0N.exe
"C:\Users\Admin\AppData\Local\Temp\6186fc16c91a534818c28551139718e0N.exe"
1⤵
- Drops file in Program Files directory
PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
47KB

MD5
26b6207f598cd7b6d9ab52fe90e9db5a

SHA1
38d7dab24e41a505f14e009a23cfa8b6e8bd921d

SHA256
b389e7d2d95635c00d91cc5246f84a8a83d036c63092cfe9ac6f01a73054ff5a

SHA512
10f04517852128774f43c9e587f4434f67cc5fa2964fa5987fd504d1be87c574c1c4a02c5a26ad9ca360790a30103360ebdfa92ef8854b4d3443a054c4c25031

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
146KB

MD5
156e1a91a9b2ab48d40cfb5ef41a1146

SHA1
009164e738243f12e6665519f05a9ddf4af32c8c

SHA256
21b49aec27175c30cad8ef988bceb18f92beea18d6f6ddda9478638c8756ff71

SHA512
fca1dade43f2d3b7dcd511c2380a935f2dc843edb9b7ffc6523235bfc064d40b8883008d27cc7c1e5bad09303ba0ea8ba4b2ad111697761f73592cb7dd2d09f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads