be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770

Analysis

max time kernel
150s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
Size

73KB
MD5

cfba3280100e72e2dde3e2b503683696
SHA1

9445d800c9090c6ed5b242610f4ec2b5e0ec10c3
SHA256

be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770
SHA512

cd58ae9f33af4ad52af81de3c8336033211506ecfb6002cb37933b3db056f9c878a1e98d1130d79ba11f8f80cda720044e9d5a0d957dfd077843649615c7c96e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJL:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfF2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5010) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\desktop.ini.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe

C:\Users\Admin\AppData\Local\Temp\be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe
"C:\Users\Admin\AppData\Local\Temp\be6eb57a8d1fa98595ee44d3bd819b1e8c8bd4f3b996a6bfe69bb62b08602770.exe"
1⤵
- Drops file in Program Files directory
PID:3952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
73KB

MD5
8541f7eff3b2dd7ef8e555a1b18bdd0c

SHA1
bb13bf5ecd8b0258f25b4be45820d85fa38117d2

SHA256
2ab30c4d364d89b3b6229aec11bec384e22f25be5f75beda2cdca1d29c35726b

SHA512
2e5a82a3c3f36040031fc63c2e80efd06b51e8b0bf6c4b98c10cb3d28e27b87ed4f83027a56780d8fe03dc86f40be927ffdadda7be553fe1fe71e6c0ba7f16ed

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
172KB

MD5
7fbfecb9eb35ea996c5f13f90b3c2f7c

SHA1
cb54d5fabfc8aa5bb95c0cf0a0a08c5a0e46b8c1

SHA256
4437ba97e44e4f57f8fc18d4139324bada21cc2324b838ef98e99cccd3749576

SHA512
63f7e62fc7f0d7cadfd15c7fca4103ae7260c0c1ff1a4dda839ecff1f9fb52f68afb5ffb70118111e49d71ced4b98b9046fbf04f49513fb23993a28cf889123d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads