cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
Size

37KB
MD5

9dbf86b736f3cff13580078e35eb1684
SHA1

39a3340ab33551c33336cca3f7a2f3cae41fa285
SHA256

cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c
SHA512

8d1ea20fc66dd2440f29394b926138a3545a107927fd7396a01e5eab0e66a26acd9b32ad6fc25f7b33f69ce94676b4777592a5d212baff9b24d68b47702d6580
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQF0e3ZiVnDane3ZiVnDaR:W7BlpppARFbhHF0e3ZiVDUe3ZiVDO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5032) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.White.png.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe

C:\Users\Admin\AppData\Local\Temp\cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe
"C:\Users\Admin\AppData\Local\Temp\cbb8fce12aec8122aae2c1d05181cb29687a2bc95767166fe8beeef99c7af73c.exe"
1⤵
- Drops file in Program Files directory
PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
38KB

MD5
8b623be987eb30a5c2266336e8f599df

SHA1
d275affa9058415ed0946080cd1e3d61c839fc37

SHA256
239eb49ee2b098f8123e3c873e59274de317f86b57fc0ed74743fb1641d9eead

SHA512
4786e2bfc1df90841525792b26c672972553ffc95aa4ebc51ed858bd9823e3ee3916e96c9c2d6ee3df7b7a31ec56ed28c1acf4f1aa2f0ee8f6eb61045e07d5d9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
136KB

MD5
f8971183b57b96e7ffc2086b3ca98b6f

SHA1
023f07539709c340349abf434616f3a8c38641b5

SHA256
36683f75bfb021c730b84b37e4411a64c5e5c4d6596d9449927bafb30cf3a630

SHA512
77bdd60a030a748316c6971725057edf768a9720d1617f3a823aa8519d8682483f028e334ff29ec044d2ec22af2fd392c9c12de73f82e0137f31e0d7c52eac8a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads