d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375

Analysis

max time kernel
29s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
Size

82KB
MD5

001f9ac5793f81eba32f8508c9ce6f8a
SHA1

7c007d692e3f0d4ebdbf125db275ced879562c37
SHA256

d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375
SHA512

9b2b0de98d0c75d8b8ff4f07218fe6b6ce545dbb7cf89d3eaa1378386d72537b487ee1b99efcb4b1a7b90399c674cc51cb47058ee7dcd71d3cd5bd8147ef61ff
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhLb4N/0wuDz0w4:W7ZDpApYbWjIoPyPoLzV7c6ShLDw1w4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (743) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe

C:\Users\Admin\AppData\Local\Temp\d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe
"C:\Users\Admin\AppData\Local\Temp\d8c3eb8889a618450e53820a8ba4e8742f6b0a890a67b7efd29fac69a3afe375.exe"
1⤵
- Drops file in Program Files directory
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
83KB

MD5
ef759638a6da6817e4b29de03f4b984a

SHA1
9c36895281e024fd17d4492d9ccdd51f6ac2c1a0

SHA256
42752d4c8379a01afb3c77e55339f7af91d82235452918c12f94e40563e2fc86

SHA512
84906359d9a2aeb6ffc013ad7cdc1a64de6200f3cdc93b7c69b3e76b3e5c4749c64aa59db9acc4bcf804f9459cd71159918056e720b21a5492719f767920858b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
5fbc411e011cf62d049bbefa7a3534a5

SHA1
471909226a04b8a8346dd5c9c15320ff7c1963b3

SHA256
50a7a9f4d466285c2edfc0a9813c30d7b2c7030b0f1b10378a409dda62733a9f

SHA512
a9274a55014b54d601199184dc284bad010e5335b60ad670580306d904cf3f70034a8625012760dae18e7fbdcf3a2619e90af81f9a37f77db161b0d74c3bc269

Download Submit