75bd86d6d1e6d66066c095619ef1c9f7623b4f2b811d386bbfcc172d45e7503b

Analysis

max time kernel
120s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
Size

56KB
MD5

78f35d62a1e1e6f0e5c7d07d7bb0a700
SHA1

acbe8bdf11dd86ebcb5877333046de7a0f134d12
SHA256

75bd86d6d1e6d66066c095619ef1c9f7623b4f2b811d386bbfcc172d45e7503b
SHA512

46d245a416436f4bff68ff5cea8ee8cddde4483877a2fe098d73944dfd3d6f44d8faf4580e7822c4b527c533fff2d3a2346fc1d9a6cf8f20beea3f6fe063ea13
SSDEEP

1536:W7ZppApB7tlJ5OvtlJ5OwF7CujdyGdyMMkPMkspqpy:6pWpB7tcttFOui

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4360) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\lt.pak.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe

C:\Users\Admin\AppData\Local\Temp\78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe
"C:\Users\Admin\AppData\Local\Temp\78f35d62a1e1e6f0e5c7d07d7bb0a700N.exe"
1⤵
- Drops file in Program Files directory
PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
57KB

MD5
9ddf007eda0a85ea18d8668f5d39f2a1

SHA1
73497d53c2338228c2c9f443125325f993400353

SHA256
f1d68ab556eefe320b08141c14d368dcb4aed5e148b7425aa357fd0463d83423

SHA512
95ccb26e75fcb7346e94dd84514812d9261f30893050618d8ed2c696e97b313cd8539b30358bee44344bca8e90fed6366197f82694572e2920c0ccef514d69ee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
b8ad709450a827bb4f1f0cf23506cdc7

SHA1
e184859636add8bff34b813edfe58a7327756d48

SHA256
246b4a5b5ed19d466f3aa10539abc7f054be54e194d9c5ccf3515baa341ece83

SHA512
0cad9cfcb930ff6fc1af01d20dbf61521892085c0383e62c8a7eb695bf266d07b4c329125fd67c845d80964134f0ec28c47318f5e0c19df550db90a51b04b607

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads