f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
Size

94KB
MD5

39ea7382865207eb376f2074357bcdbe
SHA1

a408b708071aeebda3a344f7ecf5dea72ee77a47
SHA256

f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a
SHA512

c0ada689281131fe3f28770a0346d5dd56de222ba746c6f291302a70a7d03108223f7adc547be309b0d18b3ecddf994741cab3e500a605ed805c3d84112b5e9e
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUMTcTSbyEmOTcTSbyEmX:69WpQE0zUMTcTSWEmOTcTSWEmX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4741) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe

C:\Users\Admin\AppData\Local\Temp\f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe
"C:\Users\Admin\AppData\Local\Temp\f9c18b0bb89ea2d412cec25141b2077f52e098a1b9373b6a4a3178463bd78e2a.exe"
1⤵
- Drops file in Program Files directory
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4372,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
1⤵
PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
95KB

MD5
89efe786b98e1a1dca78d0fef70db923

SHA1
6a5dd26051d40c4bc08501c82045d39f909d9073

SHA256
d97b2112415248c694252732ef9c8fe6183c8f9100cd798cc22dd12dc68eab66

SHA512
251959646dc5740a402b649a389c6cd0df3c32ae3dc59e7560874ff839b60b83c81d7c1ad281fb03424afea80dad510bfd775cff76a57fdee1b317b763689f61

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
207KB

MD5
c979365990dfa60e0bbf56bd882e09e9

SHA1
1d4b5986ea2151c1f27fec14a05536c558c0c88b

SHA256
d7159d1c96933808597b0470ba3809e586d20ae5aa204f835eee03b6e6c31232

SHA512
673f0b3e1c5f08996c42724d63d4d69f5127099027b6bc509a5264a4ea070be1134fa8041e078739e7373578624307d2f456e79ee5b1b16f8e4d59cbc1a9bbb6

Download Submit