e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9

Analysis

max time kernel
147s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
Size

80KB
MD5

86205a20ddf8c9f54b0881c68cb55a39
SHA1

d8e77de055619b7b40a62c12f88e3b5ecec90378
SHA256

e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9
SHA512

fbff6ef725d076b2cd25ca90893544bd3a740d2da2cf2369c1dd91ef59b0a7717209259779805eb61d907ea1426c8e894397287cf58d2bb53a29ded2865f2848
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmh1444REXBwzEX+:W7ZDpApYbWjIoPyPoLzV7c6Sh1Xk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2698) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe

C:\Users\Admin\AppData\Local\Temp\e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe
"C:\Users\Admin\AppData\Local\Temp\e59db29233c1f942c5fb2d9b174083215f54c44076272c418ff7b39ba5ed01d9.exe"
1⤵
- Drops file in Program Files directory
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4268,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
1⤵
PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
Filesize
80KB

MD5
55e3d427b5e74ae911819f2cac5db4b1

SHA1
ff91e53e27ed224aa4f9bc5b4569ea9009c050a8

SHA256
ecd05b2372579d713c623fce30b52129b56a3d6d1f8a72da1c9b546e40548170

SHA512
3dc5efa4691e5d309918e89e591ed0cd462ad8f2d1945142f76d35af0f0a19bb56bc951ee1f1a682828f262d98f8b16ae075c58a611489ed9811971ed8997551

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
193KB

MD5
558b22231fbc7ade94668476c8261eb9

SHA1
3571920b53925b1ac72c4b8d491f3bf2fe1a3692

SHA256
700726ab015cd0cc22ba5b9e25af5ad7465e82a26a74ce121e100de3abf8b001

SHA512
20dd81edefe6384f47ee1c56795dd6966969dd8faa75c95b4f1fb1d0d5f234e55e9dd190e53fc1d07b4623735aa728502b3eadbb632e6a07402b3e99eda1bbfc

Download Submit