d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
Size

43KB
MD5

3d9b7f5750d7c0799679c5e3c4bf9f69
SHA1

9a837732b77236c83d40fdb73bf150aab7083f3b
SHA256

d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e
SHA512

6262e91a7a5911fb1b51aa26ca148358dd84ca388d9dd7ea035fe4dad608108b6ac3994f4fefecd4d029e5cdf6e71146e9538ef602ad6f21e0219d154bacd35c
SSDEEP

768:W7BlpppARFbhFANJKaJKDhZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNk+AhZ/D5zt:W7ZppApoJKaJKlZ/D5zf6ydyf+abMkFC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4848) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe

C:\Users\Admin\AppData\Local\Temp\d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe
"C:\Users\Admin\AppData\Local\Temp\d8d98978ce808783fe2a9818e4e853db56acd3087479f762d82d2ac38472984e.exe"
1⤵
- Drops file in Program Files directory
PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
44KB

MD5
3915f0b6d43de7993f6bcf5268e9fe30

SHA1
bb84e11c510bdc2dbd9a2822715c29f41091cd8d

SHA256
4b5b8e5fb4694000653fc03186082db5ce4d7015abb11cf4d66e75e27e22c90f

SHA512
79f6f92fe24c091f87ad5ebf9febb59789838ef5b41374f8373d6f09c69dfdc9902a5782e182623f90ece46e6dfc042d9ec0be20af57b5d02fd52c38364d18f3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
142KB

MD5
0e0ee06c0e7493546edcd45e121b689a

SHA1
c40b209c35df6e73ea62c9192e26f52da077ba4b

SHA256
0fdc9e3fa7fa0ef17be7c48ef7655706a98b6badaebf804987b69be05d55e557

SHA512
c9d60c66b0bf2427ff82389721539b4df6500356784fcf9c9864b918573dc09d7f4f3980bcd80cd96682c770c1118de036c4d1cb0bf367471bb66a875dd4a46d

Download Submit