97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f

General

Target

97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
Size

74KB
MD5

6de34059dadc2cc26f9470b19175aab1
SHA1

870ed251a8c03e84678efdb758a22c7bd9525596
SHA256

97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f
SHA512

3961e0878b18c0f2352ab2791984156b96a5373177c7e9d0be0fefd84b13d8fa557d6a03f3f8a974b6bd7abdb2d7233d351c6be787d97f460d72c4228d533c8e
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh0:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1584) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Linq.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.VisualBasic.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceModel.Web.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.Primitives.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationFramework.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Primitives.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.Primitives.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.CompilerServices.VisualC.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Serialization.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Input.Manipulations.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.CodePages.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\ReachFramework.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Printing.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrjit.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsFormsIntegration.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationClientSideProviders.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ReachFramework.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.TypeConverter.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Primitives.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Dynamic.Runtime.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.Design.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationProvider.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClient.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Input.Manipulations.resources.dll.tmp	97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe

C:\Users\Admin\AppData\Local\Temp\97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe
"C:\Users\Admin\AppData\Local\Temp\97f5d44f59e02b0ea6a796b6d8a5eacd9ffda984ea379309b257e59d141d585f.exe"
1⤵
- Drops file in Program Files directory
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:3148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
74KB

MD5
bda712ec507c20d8a7ba2b744866e3f8

SHA1
a98ad66ebdc6a352aa40ab9e2a89f1e37b9e2112

SHA256
f0840a4ca6a680d2dadbb67df783de8a30bcad6b36802fca1e3524bc4d2a92bc

SHA512
1cba181bfa40863783f39a16a14f5c02494deff57024cb9b6538a6de5237ac1fe8900b71bca32d80a7dec314cf21a27b2f77361509b01c7de7c7d466284b9de1

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
74KB

MD5
815244af0b313e697557dc6f36f428e9

SHA1
594dc04b9dfca9c5134c157ee0c6e9c25714067e

SHA256
5c6c9199da23ea5fd8b995b9f4ae6e6add04a42e5c47c55f0215bd0b66ca05f9

SHA512
74c60e457e5d56d3d0c37634ddd1e886efa138b1e41036e649721a90ecaf0a2072ab9685fd71126b0c277ed72a88de2a808918abda4ccfdc7ec541bbc24a0721

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads