5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9

Analysis

max time kernel
150s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
Size

68KB
MD5

9a288e321ed889d6581c7a28f4f164d0
SHA1

f6956022828b8e88daa74ce5833a0bd58725dbc9
SHA256

5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9
SHA512

678f943fabd9a65b113397e72a8f4ddd8f9cd3637c1251dfdd3f1055d983826cf48c7cd6262c992dae2645fc126b206be141c938a1b808efda457bc732882100
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyukfvw5R5l:W7ZDpApYbWjIlE77ulTL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Expressions.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ta.pak.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\desktop.ini.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp	5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe

C:\Users\Admin\AppData\Local\Temp\5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe
"C:\Users\Admin\AppData\Local\Temp\5b456c7c27e9d1efc91343cf6cadcd67bbca1db28f1e0f2255ebd511f7d515f9.exe"
1⤵
- Drops file in Program Files directory
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-877519540-908060166-1852957295-1000\desktop.ini.tmp

Filesize
68KB

MD5
f054939de4d189f6360c1a8655f9e6e5

SHA1
a7a668a5b2035787704a94c037867753397e0cf5

SHA256
1211164db77812629c12e639f694a3048c60c08a95c6f503aca8fc779768ca1e

SHA512
7418ba4d12f9d75f0f99a8b53c83d5d7fc0a26662ac3d95b627b666c4f4ce389b3e765319fe67143368cd8953ee90993599e2e89184a0c43badeef3908375a07

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
918f02f0e8663dbb6d9cccf7ee26c189

SHA1
655fbd0dc964a039be7cfac28cabc4c9bfdf2759

SHA256
f1165f257228754bb0464903cc9fbec90db5d490c2e914a1a1689c100573ae4d

SHA512
13b4c51bb90baab77654dea5f634fe37c9c8f5567632ecf84d9f05a22a8cb3bc1550b9ee6b696150c7dd63703f4bd8e56683313488b673d14f969d2165fef4bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads