becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
Size

137KB
MD5

3fa1d1251017f175b94555bca9cd3872
SHA1

e8c8194633f5e736ba07fbca99830a37c5483bf0
SHA256

becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28
SHA512

105e35507b3b2452eceb0b65a728a6704a1d8d0895536bf5abab98d96c42595c76020f4277822bab80cda16a00bab4a966e1696251c8378867c4cb88c7205af8
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOf:/7ZQpApUsKiXBvzwvzXJvlwJvlJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4830) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe

C:\Users\Admin\AppData\Local\Temp\becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
"C:\Users\Admin\AppData\Local\Temp\becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe"
1⤵
- Drops file in Program Files directory
PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
138KB

MD5
a57f75c3a0b96890cfc99caeaf3617a4

SHA1
e40f4edd7b0929fe6b7f177c0c015b84b98c0931

SHA256
219523468e0b129e25b2544d5e1333455b1083458284cc0e6c1338aaec40fe0f

SHA512
f6ac93336923d3dc1e2c48bcf19fb07242d951bb7900e5fa8f9ce7b2dc4f8faee1a3e8a9af8399a4ad6ea71aa0aa73ae99255e6514c0f0f9a6f8b0e306eafd69

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
236KB

MD5
f3f45fc1a0bab67956bd9b3c15c80aad

SHA1
90065fa858bcdb655ecb2cae78d235a3364a0503

SHA256
b2187c575864c11661f8e04879714c562f429ab02bd74ce415627c6002b6495f

SHA512
d3c3a23f1f457dc857ddc419ac506a0009beafc88560dc628d4fb36ef27b57af8d91ead3ae95ff7bfd5ef11613a2ce10888c45e330718d23f95a9351c34f5f4a

Download Submit
memory/4368-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4368-1770-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads