35da5e1d14be5ab52a9130d72241b76a99b3a60850b0825bd9d9468001051b16

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46be54da9d7c3719b6368e37c121c8a0N.exe
Size

120KB
MD5

46be54da9d7c3719b6368e37c121c8a0
SHA1

7a8067053c93642745b4bd5530b3249a0ac1a09c
SHA256

35da5e1d14be5ab52a9130d72241b76a99b3a60850b0825bd9d9468001051b16
SHA512

b25a38a7de84be8256170fe26ca858910c18174f752ba1040137841ec4db9be2475bf5744e2e96687d91b8b128f94a6953a344e8dd71074649acdc2c65317fa2
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFgjfoA9wHpyc3ctuMpAbALeksSstPKWcGaIFR5s:W7ZQpApR5C+332nhnz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4283) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	46be54da9d7c3719b6368e37c121c8a0N.exe

C:\Users\Admin\AppData\Local\Temp\46be54da9d7c3719b6368e37c121c8a0N.exe
"C:\Users\Admin\AppData\Local\Temp\46be54da9d7c3719b6368e37c121c8a0N.exe"
1⤵
- Drops file in Program Files directory
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
120KB

MD5
57f684ebd52625f41a6edf97b77450e4

SHA1
7f73db0e4872f8cab716ec1b08384b66316eda36

SHA256
9d01d6cce8d1c917824c99070cb1ad84c80a34477abdad8485f2032badfa8903

SHA512
0d976c54d0de75423fb4716907b9b203682c58e6b62208e703b811da14f1c9c08a1cbd0f07e041ea5147db4706f33d6c3175ad09bc0dd0c8d7e6c3ab564f0b24

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
219KB

MD5
0e56056ce4da920e28c716338cca2092

SHA1
cf6f99a7fbc2c4091a8d4fe4af24ba40fcc4e158

SHA256
26d62e262bd3181720f8aa17ba2213fb2e62297ffd4c1878a7bdd6c47d814fa1

SHA512
bc6b5146d08ddc95fe9c0ae55f2ccd9776aedfaddc9f2a5edb0944a66071f587334e5319b04f7715ea001bdbb0b399d2ec9015e01f37ff9c6a3e11ee6982088c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads