d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2

Analysis

max time kernel
150s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
Size

53KB
MD5

9dd517587398fa4aa9e1c2e8421ea6de
SHA1

d6461be253d1b029f54ec1afc1f9cecb0d879fed
SHA256

d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2
SHA512

f87311b973386661a1f74487adf9ff8e38907364b0330c6a2ca7cad88025a041811ca31cbb9fc04df6a213db51a6e3af4a917ef2c7c859f9e2d9de94d51a8c21
SSDEEP

768:/7BlpQpARFbhtF1XxXEhk8/UairBanib+UairBanibdgu:/7ZQpAp9XxXEhpUaiN+UaiNv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\DocumentRepository.ico.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\WidescreenPresentation.potx.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe

C:\Users\Admin\AppData\Local\Temp\d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe
"C:\Users\Admin\AppData\Local\Temp\d0f972900fffe87058f0665eb8fb9b4cb4d8f7b26ec5cc79fa998fc7067a0cb2.exe"
1⤵
- Drops file in Program Files directory
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
53KB

MD5
2495fe1b82c3773dc0c48b1a9d1a7675

SHA1
0f319d9efe68c6ecc63e4180845cadca5035d018

SHA256
869e0eaaf86d8b333e30ef74f1f5681dd4eee3b83b41587ddd2096b173abe330

SHA512
724124d78a17b3d6b9075ad8c723fde80ecae2349320f73c7a9ea93e7a0033b482727ff6499f86c936fe56914dbea76d29baa514f97c5173f9fc297947ce6fe7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
152KB

MD5
c9f46a14ae184733cb30216fe24ad8d5

SHA1
1ba4f285f28cf553752b0d0e1ddaa32f2b24657e

SHA256
335f5daddb50adcba96ef11ca72b19872146b82dbb6b5b8c8916af9c959d8e3c

SHA512
62a5322985382a4117e1f9338547da57781f474ff15a362b064cc0a98d3da9985e17a6d90763d59f846d1525f5ac1ae415f5785dcd308c3103730c45a48d6ff6

Download Submit
memory/4580-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download