d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3

Analysis

max time kernel
147s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
Size

81KB
MD5

a93f55a327a84853cc402a267a9572a2
SHA1

09de6f59ff83a68fe6c349fc9796ce40dc06345f
SHA256

d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3
SHA512

22e5f5fbb7e847ee0cce695d05b3f2b67ac896e0026f11dc225cb82e9bda04b9afd65b308c86831f395db71e9d50f3cf82921b82326ed5ab8a46353c35898b67
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhw1SqJFqJbOB:W7ZDpApYbWjIoPyPoLzV7c6Shw15+G

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4877) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL096.XML.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe

C:\Users\Admin\AppData\Local\Temp\d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe
"C:\Users\Admin\AppData\Local\Temp\d631257d449540c452514318d8f1c14c8d2d9abd0a8e2639abe803a6c4bf1fb3.exe"
1⤵
- Drops file in Program Files directory
PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
81KB

MD5
e6b96e52956348a4139a2eefbd8d8053

SHA1
d1737697a422777b79acae3c3c9d2a6f5204765b

SHA256
2e337539fef2f6e0268e469c73bc32e0fbf29a98c640600a2e7333824839b072

SHA512
c90614aff9655be8b4ca4d8ebd2b43ce818968c694dec6d2d6a92a59d0a93c3e420d655b6fa089f79005719d745ee8e11a2a79177fba83d3984e5bb74a3b3c21

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
c3a5b2b552bf4bb40d41b202f3f9ccf5

SHA1
19afdf9f0d13a88b339133606dfce9df2923bcc1

SHA256
9c60d538b7652582d3d8cf39d337a01de752355481210321c3c260e9ada617a9

SHA512
2b0a7ca640b6d0f55a203b1a5926901dd687f23ad727f89eb05a4962318b612783a0845c7f956e3b724175c54607e95cbd12cf1a7da9d03fc5f9fc127fb2650f

Download Submit