46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8

Analysis

max time kernel
149s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
Size

73KB
MD5

ddbe4a43f24fc45767cb4816590b453b
SHA1

090790121fbafd7eff41689a471c80a882ef7030
SHA256

46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8
SHA512

2afdcd762e9102266054b5737a1b350bebd321c35cc9c26b65e6e048addf9076586b38e68695e123ea166732ed73dab06e1fd17db645b038d511d4812bd03dad
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tryF:6e7WpP9oVLQthbYY9oVLQthbUrt7tryF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe

C:\Users\Admin\AppData\Local\Temp\46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe
"C:\Users\Admin\AppData\Local\Temp\46bb5a748354ecb555fa19fd65e2934a9e331bb1cd82a8147deaced325a31fc8.exe"
1⤵
- Drops file in Program Files directory
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4092,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
1⤵
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
74KB

MD5
ebd128f170dfa797229f749807d273de

SHA1
a697fd9cd406344f27d415321f5ce25c3205f790

SHA256
90de8043b7770e329706d8edcdeb6ba158a86cec64ac0a022bcafb95077069d7

SHA512
25486c2c234ff2f623079b6282f37bfe684f15fbc361af4640ef4448f496abafd958c63ee7f422c08c35ced0b1e8922fec5be4ee5c7333f956dc7d35a7ecda4e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
186KB

MD5
7b404c6f83a2b999c42d1b67b436aaf5

SHA1
3fbdbf1a5c3e30eb95556e00d4366f466d692e40

SHA256
92ed2eeeaba71166d916e081b2603ea15dc279e78bf4ecda4c8b7f920def448f

SHA512
bb7e1387d9c13dbd7693056d01793cc77a1cff5ebe4422d3754e1aef7b200d4f20ac3d9173c4d14856acd166baa19e128af8ad19b2e6792076798bd62f994476

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads