9d7b8834d8dd8c1c4eb9ff64535cf26b14e79b41886685705e551b126b44ce40

Analysis

max time kernel
120s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec2a2b2563104b6b2c0ef58bddda6e0N.exe
Size

102KB
MD5

bec2a2b2563104b6b2c0ef58bddda6e0
SHA1

cfe9bc5eea31d9ff8e9b848539409ad6564f524f
SHA256

9d7b8834d8dd8c1c4eb9ff64535cf26b14e79b41886685705e551b126b44ce40
SHA512

e97a2d6c04189022f755427de3a29d1be7dc58ff2882a25a9924f5aa3f8ee1551708a99965515489a454d8f92160c4a1ef6bd400b538a2c197f80e56ebdeab38
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBt:PqFF2Ie+efsim2+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4366) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_sw.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	bec2a2b2563104b6b2c0ef58bddda6e0N.exe

C:\Users\Admin\AppData\Local\Temp\bec2a2b2563104b6b2c0ef58bddda6e0N.exe
"C:\Users\Admin\AppData\Local\Temp\bec2a2b2563104b6b2c0ef58bddda6e0N.exe"
1⤵
- Drops file in Program Files directory
PID:1372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
102KB

MD5
b783868f895a2954f7c414a401d30614

SHA1
1598ded5ccab2f1f5ba180c3b281f0879ecf421d

SHA256
c152bb246be75e002aa3745af932066608fb43267b25da1c0aef6cb6bfb1f29d

SHA512
b600cbabea28be19725f352103506d199b5ddee2e5a8813b88f3dc20c6b94b574d6a63819b830d2005ca67dabc122bd4a22245837899183b2b4394b271cfb732

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
201KB

MD5
4b032ce3f251919e95394be8c5a7880e

SHA1
c22e1b380f06d0efb1912b69bdbf333346b0efca

SHA256
62ff634fee01a77bbca1a49dce9f14ce506ac15fc6f96b5b58bb11fc4182d9f7

SHA512
20040784a851259e93672c7aaf95c6c144b6e6f307bf329e5254766802da294c93de07fde5226ab4cd454e727f24d4b5ba022dd73977a8c7d6a7d8e3ba930046

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads