b56008cb24ff28395c5e24d1e2c300343a0fabaae054e85967760468dd0f3eb0

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4456864a8c13adeeacd74f7662c3f60N.exe
Size

72KB
MD5

b4456864a8c13adeeacd74f7662c3f60
SHA1

a8040b83bc4eade6de980bae3f7a889870c229f0
SHA256

b56008cb24ff28395c5e24d1e2c300343a0fabaae054e85967760468dd0f3eb0
SHA512

7a5257f54c087da591e4ac4b56cb71c7205afe4c4aa4fc32a5240cb4c9309f4c154e4e9dea228aa87e2b4a70571cd76477e46271650bd6584f309e9178f513c8
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WY:6e7WpMaxeb0CYJ97lEYNR73e+eGGY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4371) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	b4456864a8c13adeeacd74f7662c3f60N.exe

C:\Users\Admin\AppData\Local\Temp\b4456864a8c13adeeacd74f7662c3f60N.exe
"C:\Users\Admin\AppData\Local\Temp\b4456864a8c13adeeacd74f7662c3f60N.exe"
1⤵
- Drops file in Program Files directory
PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
72KB

MD5
50d1717ec262eeba431cc643861c3134

SHA1
3ea5fe12d89f9d3c96671adc11ffcc8f52626446

SHA256
bce4b529804e230332c55fb9c671bbad6490fedb5932464ebf65d4f9f27a4f75

SHA512
3f9b170740ff416bf21ce9cabd3d913fab5d870a9457e1581a21ca686911b4c5d8800a462cf2fb11e51595d65ede56bb5d65a5e8a1c36587388c01048b2f3c7f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
c4a4179aa3fa986a24dc4d8d9f85d75e

SHA1
42c9269c1561258214967961a402cadeb71cf081

SHA256
4219fd7f4807e0b44497d79aef2d1b95c2e422808737964f9894f783d8854dee

SHA512
f09c3d6e3bf2b6ae8fa24b6b5fd036e22a6a73c9bde1bfcad10e5d7cb14d60caae4af1bb3ae82119fd702bfa7faeec2e0213efe18b4a8776dbfa8136dd6edf5c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads