e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
Size

97KB
MD5

cd439e890f97360ec8d6412cefd7172f
SHA1

4d736b01a838cdbada1729f69dcc5912fed5dbaf
SHA256

e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8
SHA512

a38ec96a52748c29e09180ac3fd37b558a796e5ff07a5f49f3773bb6f3907aaedadc1963eb1366c113743923f386985da2d09045083f38e0f1d872dec1e3c9fe
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7f3:RqKvb0CYJ973e+eKZOf7f3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4643) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe

C:\Users\Admin\AppData\Local\Temp\e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe
"C:\Users\Admin\AppData\Local\Temp\e37f495535de7be8de012dccc269e27a69451fbca99e94fcd48b42269436a9c8.exe"
1⤵
- Drops file in Program Files directory
PID:3912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp
Filesize
97KB

MD5
4379cd775c7ac0f8d0952dbf9d6e4d3e

SHA1
431a6227074e6d6bea049574ffc517207338c75d

SHA256
923dbd06c3598d6678308a85a5941ce96b92f4753bcedd3d6c590d775c644a09

SHA512
bba09d4af053af9b7bac60d968368abf901de5d1a205b8b9327b563bcd865132f276dbdb8e62b522138e2c03995ee592490f9513351f67308a9a704c4c050b2e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
196KB

MD5
a32e10839306de61f72434b5772d42ab

SHA1
74e6aa5045b8515b46d1998b79629cc7bf94e575

SHA256
728dd2d920ac8f3982b0e5bb34abe50eb206950c37963b03d3616d0ddf31bc78

SHA512
fb1d40731e1a792135ae626081ca05680bc73190dea167213ec2b571f4deaa45edaff94172e930685fc37e653353a8e720be5938457f907021d91e123443ce32

Download Submit