da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
Size

99KB
MD5

ac66aaa5f96226de63c7d75f8f00c3ce
SHA1

2e02ec57f5f0ccab873daea6ce9390e47f1a46ad
SHA256

da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4
SHA512

2ee2c0b0ded9a1479d8ff66d260ed7fb0a22ddaa5383d9c11449f50de904d38c00d48f982540fb410c613e37fdcb472e87be25a30a05a91146dd39f84733545b
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB+:PqFF2Ie+eF1S/tUS/t4JL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4617) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIANEXT.DLL.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoDev.png.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe

C:\Users\Admin\AppData\Local\Temp\da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
"C:\Users\Admin\AppData\Local\Temp\da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe"
1⤵
- Drops file in Program Files directory
PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp
Filesize
100KB

MD5
ea650fd815a1eb5ae649d30eb707573c

SHA1
3c28602201a3ce0392bf4424692bb3adfeaeb1ff

SHA256
297618645296624c1d6a3371f5989ab1dff085f15bad3083bef02e78144c38c3

SHA512
a7c58422c436a0a60c097954962e76a2f189b63bc8e2606df9e770af007495b41c385840820529ce515e92916e02ed7f742ee3cf1c1ecfd5f16537bb1038ddbb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
198KB

MD5
7003f2e9cd3a5b64d49c22667922f05a

SHA1
fed7a67bc0d8a2b3012538f75f66bcff02bba2ee

SHA256
5e98af825b30f99a41e8f654787a1b5a91820536c7e74b578999c3b8f9a4ba1e

SHA512
fd2aa4d215114ed434ba74bd1912c28135bd662d8d4c3323778db266c4dbb8bf94a178f4d34f1240f916aa273633e150602e67970fe2f9fe4c171f1026a3f45d

Download Submit