0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 18:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
Size

48KB
MD5

1b3877178f9d1056c5046fc34a531cdc
SHA1

b063efd8da013f966507df0e7f28c30564d2b097
SHA256

0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc
SHA512

e6a2f75bd29457e40d33330e15707e313795194047c60ebd16e7ec2bb0a4f7acf26d4f51dfdddc4ed53e1367c01e0567334f90f200da574a7f1702468c504cf6
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFkTfq9TfqelI:W7ZppApBULcfpHLcfpyDc2HlI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5011) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\et.pak.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_100_percent.pak.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe

C:\Users\Admin\AppData\Local\Temp\0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe
"C:\Users\Admin\AppData\Local\Temp\0fbef5c034f49001f8a017dcefe865453d0ecde22da074331672fe8e5c4552dc.exe"
1⤵
- Drops file in Program Files directory
PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

Filesize
49KB

MD5
3ada25ebf54426cd8e81ebf8b63176b1

SHA1
31c2762fb34607fcf83b8b383538fe4f31d9e3bd

SHA256
92af94da241236f160eb838f74e42dfdd0971d3ab0c53408802612b12f886b56

SHA512
764d9bfd21f87208f623d2cbc9202ea60b4035485adcbccbc88491dc47bf36076c8402d62393b1c0d6fb6c71573f40a8bfd62a3a28100a1b2ef93516369d878e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
147KB

MD5
ee8fe15c72f0fe47f30ab6ab3177e764

SHA1
7fef5ffe92e8e43507b47dd687ea73713ea18d59

SHA256
39648a2b754acca8bf11b981cc2d1f633a5a406ec2bf24e5fb6c7a3a38a2dd16

SHA512
7b626da62ea0f0d0a432057daa72a7ec377ab07d695db0c3ea8efda18b3a03350f3dee24192416b24ecc24e24b239cd85ac31a0442e6765623e85820f4967044

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads