6aac79720fc620af97250ace1597e7d66fc173a28cb6f9694abc5369066fb93a

Analysis

max time kernel
120s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 07:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8525014448429b88286adcad88669510N.exe
Size

45KB
MD5

8525014448429b88286adcad88669510
SHA1

1df7cc9a29c4d2df6cf34f8f4cc46f842ae78b4f
SHA256

6aac79720fc620af97250ace1597e7d66fc173a28cb6f9694abc5369066fb93a
SHA512

d5d79b465476be1fc83e3b1dd34cfa55b293e6aaa620bc70a2c538a94c5bc04fee85b68d1acb8a785617224a53547977eff6eca5bf06452844a77ee90ec03bcd
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg++PJHJzIWD+6/huEQhuEzFE:W7ZhA7pApH1++PJHJX18EQ8Eu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4313) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fi.pak.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoCanary.png.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\es-419.pak.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\nb.pak.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	8525014448429b88286adcad88669510N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp	8525014448429b88286adcad88669510N.exe

C:\Users\Admin\AppData\Local\Temp\8525014448429b88286adcad88669510N.exe
"C:\Users\Admin\AppData\Local\Temp\8525014448429b88286adcad88669510N.exe"
1⤵
- Drops file in Program Files directory
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
46KB

MD5
b9d6045622e5472d7f9db4d608747736

SHA1
e30b35a9029435dd78c166744d0cba446e26de4d

SHA256
754f6485d5f6f5219f16df365a30b80e8c7f1168060e3079eca86da05c41ca2b

SHA512
a38bab1e202811588a463e1f1b9763321ed1c8b910b5eb709d5d1e47c07bd8359665fc54323eb2882d8b2f9852712f9807d3007fef370b2fa31c66a067de111a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
7a405b85485ae43df0c59d0558072053

SHA1
0b2ccad27628c86a99fb07947a93f20925a965d1

SHA256
f93d750031712b250a11904e34bba79f1fa8edbf8d64baf00b70170c2fbaec81

SHA512
36aa12793d99b34d8f02be3255833f2593e6b05eb73efaa0611b9964243153c563aa0c60f0925a6e40690a337ff94db12229fec73343256834501514020b70e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads