0d21f7c1bf070c1424134e73bd7be7b9aa88bd17ff3620db22605b027d2efed1

Analysis

max time kernel
120s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0be6adc1d80132ed2990826b50aeef0N.exe
Size

204KB
MD5

c0be6adc1d80132ed2990826b50aeef0
SHA1

fdad01bc14d5365af2c12240abff2182042eed42
SHA256

0d21f7c1bf070c1424134e73bd7be7b9aa88bd17ff3620db22605b027d2efed1
SHA512

dc10577ecd0cef1cfab6bfe374a5728ddbd42cf0a3e96988fc689d64015b2e41741249d5292a622d04dface5909fbc432781f39debb6080168d2ae324060a172
SSDEEP

3072:6e7WpUV2x7L+4XGH3XGkR2SRXGkR2SnnXZXZ:RqpMHdXZXZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3261) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\v8_context_snapshot.bin.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sv.pak.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	c0be6adc1d80132ed2990826b50aeef0N.exe

C:\Users\Admin\AppData\Local\Temp\c0be6adc1d80132ed2990826b50aeef0N.exe
"C:\Users\Admin\AppData\Local\Temp\c0be6adc1d80132ed2990826b50aeef0N.exe"
1⤵
- Drops file in Program Files directory
PID:4988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
204KB

MD5
9aeffa437d383223b3adc824b52f90cb

SHA1
3b5fa2e55057a4872c407491a6ccc100c1784918

SHA256
ec6855de6b103a35df155fe43ffd87a8782288cb30711c23b14dbf781ef8b101

SHA512
5a3c7c6ea33c31bf0f14eec286531f7d8df054a823b6030c0d8343e1793c3055556a5842aa8a97ba2b18cf7810f0af72887146c33089f77703ce80a00d660357

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
303KB

MD5
75353a449ab6347db3c6e1667c710d01

SHA1
4502019d8f9f2a9c7592dd81710e4ea3c135cf5a

SHA256
87d6db3f5032cc929a3c9506832b31f1ed5192305387012045c1727f8dc52d6f

SHA512
7ab057268d3ea4220c899179a9a16ab5b7a9f88993c498ffb0208da29a362f6b3412100e4080957874a9a7a94607970714f059f5b49ca85b3d9821c9993dca3a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads