0e3270c0c0475538a3cfedff4cc3bda1f0c8d3ed4c8e100a680725afed6f33c3

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 07:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82db90856821651c45ff5045e384d6e0N.exe
Size

38KB
MD5

82db90856821651c45ff5045e384d6e0
SHA1

c8951a8932f489faefaedb4526ce2bcbe972e0ac
SHA256

0e3270c0c0475538a3cfedff4cc3bda1f0c8d3ed4c8e100a680725afed6f33c3
SHA512

20d2e1abd345df1f7a48d340da4151abfb36d7e7ec5dc01768e42c049673d89e55ccc2100f1b57cc81e785175b64f3cfc09754fc2df1157c6cfce287245701d8
SSDEEP

768:W7BlphA7pARFbhOm0CAbLgOBQ9oVLQthY2L:W7ZhA7pApH1d9oVLQtht

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\nb.pak.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\v8_context_snapshot.bin.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-BR.pak.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	82db90856821651c45ff5045e384d6e0N.exe

C:\Users\Admin\AppData\Local\Temp\82db90856821651c45ff5045e384d6e0N.exe
"C:\Users\Admin\AppData\Local\Temp\82db90856821651c45ff5045e384d6e0N.exe"
1⤵
- Drops file in Program Files directory
PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
39KB

MD5
c1aa20d0704c4a35cedcebd327f01f35

SHA1
6c6596fcec606ba84d231806bc086a60bf3a911a

SHA256
5447d78d90e49c98bb2666c90aa48549a8a6b885415107d2b9a4223689f617cd

SHA512
82a5566c1810156786d0ff008ddc6e26f063d9d37e1fe6aaab25c4977290c8cb0a5fc3049d9eb3526d60fc7da5ffe86015918bb3c46e5ea12c0d507a4e9d5d1e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
137KB

MD5
4b3318f88dea938f23bd19b513f26864

SHA1
a67c11d51adb72c8981c357c9f4aac140300bc00

SHA256
ac59a393c44b5ec33b31443a254a266e243f82f2b4bfcf10d2a81ecab31c7e31

SHA512
b5548b3cd17ce1a737e17485df9cfaaa2e93671fca5107954c64c1efb33047a298de7aaac10e934024679a3d19e4786ba298740b9479a405ec3ca571e08f5669

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads