6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
Size

84KB
MD5

802296291072dd3d22952080f323c9ed
SHA1

3e286ff4b47259e53ec5093c31f4f10b73a4ee0b
SHA256

6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743
SHA512

956cd294ed0382e9d71875d00569fc48ea37fb5d1cb221910127149fc8a93d98feb6e319618be9a64a67cb81879c856870d03dcdaa1d45af5991b638d88de609
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReY:W7ZDpApYbWj2WTWJe+e/qw6h

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5036) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\resources.pak.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8en.dub.tmp	6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe

C:\Users\Admin\AppData\Local\Temp\6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe
"C:\Users\Admin\AppData\Local\Temp\6be2f6984ad4c3fc3c2021e1a1747a12e8a98f60b8a5cc906e4cea0bdc170743.exe"
1⤵
- Drops file in Program Files directory
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
84KB

MD5
26b535b24ce8645d5439a80470b9f217

SHA1
8dc6e87e71992f8364c974951645ea8607c2549c

SHA256
15f292a275bf188eb51ed6cb248f91fb99a90dabe97db8b83d3c99e89234fb28

SHA512
e7859db60191139ac1ae3e4997817a3bafed0f67cb6d6ebe2ea56897ad07d247a0c22519b2dcb5b24f3fb4af45149d47caf503854f6f3136f852107f1aa1a423

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
e50d32285a78130c0df0e919e538c756

SHA1
40daef033c7919e2f40f4f6566bf56bbc0181c35

SHA256
fcdd5be20b4747f61555c3c979f9cb3bf4cb775c986de8afdc5b4c566b774bb1

SHA512
ea366eb26322887a464b8817b72ebf3e234ed42b7808b693bdb122231fe125fd740d89236c714f4e6698d466e9c84c9a1d47da89e7a9f86786e43e83ceb5700e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads