66aa09d61870823389f182723a5fc5c05ed1e6ad017bac1c34e4591f587ce319

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 09:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

98ed308200ae682f7a6013436b448d00N.exe
Size

293KB
MD5

98ed308200ae682f7a6013436b448d00
SHA1

606bd6e76cf3defb2c52bdd5921ac4bad5ba443f
SHA256

66aa09d61870823389f182723a5fc5c05ed1e6ad017bac1c34e4591f587ce319
SHA512

25b2f83a4fd3bf737a7e4eeaed848fa9a447a1f6dd94fdf344330e64a2370a75ac124919fc265ffb7bdc26d85120fb4dd04d5ee35b3cd8e21b05bbcbc9b986f9
SSDEEP

1536:W7ZhA7pApaX0aX09rDVMFDwU5LenTpnDr5LenTpnDRSfuYa3bztYtzZrZotYtz17:6e7WpGlCK1I17

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2314) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\hr.pak.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\vulkan-1.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ro.pak.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	98ed308200ae682f7a6013436b448d00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	98ed308200ae682f7a6013436b448d00N.exe

C:\Users\Admin\AppData\Local\Temp\98ed308200ae682f7a6013436b448d00N.exe
"C:\Users\Admin\AppData\Local\Temp\98ed308200ae682f7a6013436b448d00N.exe"
1⤵
- Drops file in Program Files directory
PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
294KB

MD5
c3a1f7aae26a89d97c3ed47641701b67

SHA1
54dbeeeaac39a6e20462ddf2bd216dbc854f2f77

SHA256
527de8f305b8898b8af3272659d4819addaf5704367e775747ef02aa473f1554

SHA512
a152e524cd3ddd617a6f182d52bc7eca0ba7079e2b5cf6b4005d19138372abdc80805fda43f395b6479a8fb68793dc033a447759006155a07bf4517caf8f288a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
392KB

MD5
a1bdf92595caf78374ea22de71ce7eef

SHA1
e3fe7b6ba2c0baccab2e299ebb241b191cda66db

SHA256
041ddb56b5a4cfd1dbd0f188f4eb0cf713f0aecdc925909e4903a22e68b5d0f1

SHA512
086308af84270112f6732aa11a3627f018297fe0e637c073e1061b83e2057d0e3a7d388daf7ff16d37f07bb9047efd46caaaaf2d59e094ba158f90b67f2ff0fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads