fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
Size

45KB
MD5

812bb0ed99f63f01aafa2810185cc958
SHA1

0229ba2aa08376591249cc5ab9217d00775c9a5f
SHA256

fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7
SHA512

40a51b7cc9e94da0af06bb5098c36ea7d244e2302dd9beb43368ae6317a5090a08c416e4f28157893386827b2d493994d79a331b9a9e9fd3c2cee524d7d91651
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0Y8Ei:W7ZNLpApCZrt8PWGoPWGBJ0CJ0Y8Ei

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4726) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe

C:\Users\Admin\AppData\Local\Temp\fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe
"C:\Users\Admin\AppData\Local\Temp\fbe2a62bc3c55418731b76859e9565e6683fb70061a2af5d310d46caeba208e7.exe"
1⤵
- Drops file in Program Files directory
PID:4320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
45KB

MD5
e76675efeef42fae72d3f56aa1047975

SHA1
0204b93da9f78705da21bcfba0de1d6534dc92df

SHA256
4b0b6259e9aaba6822f9c6cf4915373c9c02b39b6a0b48cefa1b9ed4c8028d83

SHA512
54b89f3f568e158855c226e5376cf806c737fd404d002903b1e44e0b31e8bb947adaff288af0be37df886be357446e343b887366733bb93a6962d6a358a57e9a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
7331d7428a6da3f5ed00e55165d9b330

SHA1
54ef514c7ae6e089475d96aae0d62eb856c441e1

SHA256
1e24dfd371b96b06faad05bedcfa017d578ba97ae359f88520c81228667e6f1c

SHA512
f4be8ed3c415d7a37c4d8bd6f9d3df641510b3cf3c2f442e75befab61cf39f68ddc1872e80666c53c542a8d1f80def55956d865fff2436a709d34f18db48712a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads