ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4

Analysis

max time kernel
132s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
Size

78KB
MD5

b3c0a49182dbaf765c73a5d96e97378c
SHA1

7a2151a6eff49aab999a959a3b5df38e91f68d32
SHA256

ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4
SHA512

410a8d36c5e22caf2fa9526cf316664a5829ac40631b9e71524bcd0b4557ec04a788987d14ec47387635a59c8ae432f9c14965daba24ddfd1698d9d2fe72d0fa
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhw1SqJFqJ1:W7ZDpApYbWjIoPyPoLzV7c6Shw15+1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3908) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe

C:\Users\Admin\AppData\Local\Temp\ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe
"C:\Users\Admin\AppData\Local\Temp\ded9b43ec55645f8efc84d845c8b03ab7b4eb792162be9914560482414d56df4.exe"
1⤵
- Drops file in Program Files directory
PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
Filesize
79KB

MD5
de04c8426097aab183dbce23c69746a9

SHA1
f39373be1dea7098a69c5c8b0c20f7bc7732b4c5

SHA256
0571b0039d685a6845ab6fd2001da57c6451c925b01fea5227fa49f4dcd58a01

SHA512
58051188d914c30bdf761d96f6b379ee607f85b2d46187d268f93f4403ee1724946d8a7d11f2bd9c3d98cafc647da79af6939d4bffae1dd7925455ceb4fe5d65

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
177KB

MD5
7aa73d6e9214f1050702b5467602436b

SHA1
c61b5ff6b51a629d9a510bc62d3886f2857acbb2

SHA256
9c39a9aa9924aad1143700ba66e5cd71228c762b7d0246d9dcc914ecddbcc700

SHA512
f463f40d9da5d625d8618c991c3c5cf9dd25b5530f38282cda5c788a0c73c3dcb0d60b145a0b1a84943014a8d0367c5142a6df28d10a8828784751af182a9f05

Download Submit