da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
Size

56KB
MD5

ce78daa749d6a75f8a204912837e3398
SHA1

efa2f8a7b554ea5df8855b82cefac84520a40370
SHA256

da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7
SHA512

11d756a526e4bbad9f08db915f0abdf85727c50da1dde7850d9a208b123d2a5c44a1b88bc15a2b45015a071948d38277ac09a8449cf3a98faecae00da5e0d389
SSDEEP

1536:W7ZppApAT9mZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzZ/D5zf6ydyf+abMkF2A:6pWpa9mZ/D5zf6ydyf+abMkF24kzK3jD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4693) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe

C:\Users\Admin\AppData\Local\Temp\da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe
"C:\Users\Admin\AppData\Local\Temp\da59d427cb5838518c5313973ca19c2b49199c7153c80854b742de801e40b6c7.exe"
1⤵
- Drops file in Program Files directory
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
Filesize
57KB

MD5
f20193e37dd163157207467f27890292

SHA1
9729f39aee333ff1d4caae9e69ddbc6187c3ee36

SHA256
626863b3f47324c1c5414945d83f1a8c45cac3c5eac112f2cb354691ff480c29

SHA512
c64d0677f5e761837564885d8e64f2e2ecca2deac9612373234cf7627755c9331dd2d93060d6704d22a5eec89aba2c57686b59405b91b4c4c495ce4cca87a799

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
155KB

MD5
5911229c5ca470021c26d0e154bb6753

SHA1
a2f69e59935ceaf404f072ebaaf5112033c4e2d6

SHA256
3b5c3be7c9c43d75429468896977ef69f37d2ba826c42d86b8a44ea87a5a38d1

SHA512
595f88f180de0d1ada02bab89a75a79a4d19ac62bc3ec846fe95f7dd50c2b87ab8bd7414d2f468356e358a8e25ceb4506c884db778c3421930e971d4eedd6840

Download Submit