596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725

General

Target

596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
Size

182KB
MD5

7399a6562ec2c92ed804d9a71ad8526b
SHA1

1dd4dc8548a4ab175d7a2410509ccdae7e71815b
SHA256

596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725
SHA512

d022c6ccef29ffd651f2a292e7911457de800c075a6063e0242a7e3a852f0c733e54628c15babdd02b6a712f3264d85749197a87c7b7f6210e413a372e713fe5
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBAr1:RqKB+tOkWKR0iJ00

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe

C:\Users\Admin\AppData\Local\Temp\596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe
"C:\Users\Admin\AppData\Local\Temp\596d4b17834b49d8ee3f7dd882c8c8b5afd734f50b1ae2df2efc4143db254725.exe"
1⤵
- Drops file in Program Files directory
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1132431369-515282257-1998160155-1000\desktop.ini.tmp
Filesize
182KB

MD5
8e038cad904615ca9928455958112920

SHA1
67cdb561b96430512de480b4496019b11efb740d

SHA256
e34480d0274376f116cb2825b32ae86431625853582fc557e85eb740dac029e9

SHA512
89160e5df49b379748b21682c115eca329e61b9051bdc4b5cf3703026c247a62a386718116d573f982d2022576101e699bd1e86630e0d1f8d992a05218bd535f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
281KB

MD5
38e3ef1081cff0111bda34bddc71f848

SHA1
2a53a6cbd1109b27a28466baae77fb7b8c252417

SHA256
1d03e0965eb1dce68a50f89d0f81f9d20de10fad2c7b518c1757eafc621699c9

SHA512
5671abe0cfc878c287de642c8e65a22af1e41343fc9a9e66463a6a99bba8eae005b09cb028c5fe6ca0d8ff721f719c03eb13a848b07ad279a840c59663f6879d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads