b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
Size

86KB
MD5

b6eedb5a19ed02c8040cea41f23e0014
SHA1

3ddf3009c11f8395e72a09a76edc07a14abe001d
SHA256

b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa
SHA512

6230d688ede35ce6af1f45df0ec6da51441b707616f240136dc33bcc42f79f85fd4308c9cdd89acaeea466a1261fd66e37f8f2675665bf917c41c8ff63620c9d
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76sI2INZ/D5zf6ydyf+abf:6e7WpP9oVLQthbYY9oVLQthbUvy3NZ/2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4920) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe

C:\Users\Admin\AppData\Local\Temp\b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe
"C:\Users\Admin\AppData\Local\Temp\b83e85d5142ee36763b5d3c29d62773879c8e9436100b57a5798d722f534c6aa.exe"
1⤵
- Drops file in Program Files directory
PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
87KB

MD5
78b5b2a70cf35122c3a61d0fea200903

SHA1
a3b0eda7cc9ce1343dfeb9d37ff243aefcf92972

SHA256
421ac548ee97c507fdc3f9136ae03f992ef9ca352b66f2f64962e062dce1f872

SHA512
8f08bb4e89d211a4862888a8084cafa6d2e8f0b9ae8c7cacdf0fe61629c42eb5c3cbfed630ef54270f1617461c8fb2dfe0450b03f3efd08aa56858db1563a4bc

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
6131a617f6fd97b5ad300c544f9bad4b

SHA1
6a0d2435d06764656b329b78a599cb3616f7bf2a

SHA256
e2b1d05bf71c42f60b108ef9325d2ded9b6569c9052c6cd38d399752fffd6ac1

SHA512
d471ef3d98d8b8bb016e58ec684379e6cb1c0ce15f31c6461d9def6fbffd03b8f1f840065f3db732eeb3a92ad0d7012e5b3e245220067c26f83637bd8c34de39

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads