d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be

Analysis

max time kernel
45s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
Size

55KB
MD5

d41bc4f814a04723b30fe88e004b13e8
SHA1

3f4f82c9b7d6db7373d49928ab3796a54382f28c
SHA256

d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be
SHA512

dd420fab908abb1e7c7f5a74f7ab1834fbecf159b06860adb18fc92065431ca04093bc3c181667d427de378ae660b17e5bf489de0f211d0e5bda37e53642a92b
SSDEEP

1536:W7ZppApAT9mZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzZ/D5zf6ydyf+abMkF2E:6pWpa9mZ/D5zf6ydyf+abMkF24kzK3jn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1564) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\ClearConvertFrom.wdp.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe

C:\Users\Admin\AppData\Local\Temp\d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe
"C:\Users\Admin\AppData\Local\Temp\d15872ee8c82d19fa8cfc7388bb7ef91fb9b22c5e966fb39471d624b650061be.exe"
1⤵
- Drops file in Program Files directory
PID:3080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
56KB

MD5
70789a8d32bc5f04592918a79ce1e84a

SHA1
8c9c092257e1dde9b808f82095ceaa1d30fae64d

SHA256
c2c6e1c16fb9b8f17e0a73ffb28313e9f154a1218f192b12227e2210b2a18702

SHA512
e86ac7292a1bb6e95b1d914425994949b992030fb5a6ab0f734d5c14f3189a967d328d8895693038b8e40467924fbb709fb040ce6e18e14eb04eb9980dfbc781

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
154KB

MD5
66fb27266ec48f9465e7d8ee81efb5ca

SHA1
e2d797a40d51ece383ef8e8213b125d570abd851

SHA256
04699224835ab36797e11725f5a070fce8e92aef96ebfca9de52e1134e480645

SHA512
e7448321880b1c500a5adeb14e79957620283c6b2081e394d421c422de124ed0f56f84c3f3bac12390b153c175bc8f63134918231c5d5ca882febd0bba955d48

Download Submit