be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
Size

93KB
MD5

baeb0211296657f99038e55e8281b15d
SHA1

bc6c4e5428adeef42cf97c63db3b338256b39f3b
SHA256

be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581
SHA512

15f89aa69251100e0b26c0f90e2536ff59ac097951a1a1b094cbc6b8a4cdba086de926bbe75ce8ef4a0f3f91224f9e2da748ea92db0b711e1ed49875592fb6fd
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/i:6e7WpMaxeb0CYJ97lEYNR73e+eKZi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\ExpandUnlock.midi.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\ConvertFromTrace.vbs.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe

C:\Users\Admin\AppData\Local\Temp\be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe
"C:\Users\Admin\AppData\Local\Temp\be9cbdac5a66d917fbc06368c2f957935fd4cbefba08841cbedadb4848f3d581.exe"
1⤵
- Drops file in Program Files directory
PID:4104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
94KB

MD5
336f61cf4ed009ca035840688988d4be

SHA1
9e142c8f78b4b8e8ac21e98e2582bcbd7bad8867

SHA256
c701ce9c53c47ce30d8a51635b29f7705d5e936f4a4fcfff38b85a53b7d77e96

SHA512
6fc94071839b324bb2017cfa4f921eb76d0b0ff8d69c95956b390a642b36a521c30ab6939681c214b05b392fca15983f0dd9a2a541321030a8ea391400e871f3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
192KB

MD5
6994099b56e07eb6d4e0275fd329304a

SHA1
6e35c4ae37f15afe9a3ed9f7467f69040ff3cf6d

SHA256
30b3a30bf25f52f474e5abb55fa99c6c3c939d8a7c2194d7eddc51ab0fc51c15

SHA512
ed96fd4ecd692711559e0a11e668ade32e0d50711b29257b2231bb4464b287bfadd7f93db92fc15f2a897bf0057e98da6161c6acfa6aa4fe7c038641fb6d6a50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads