88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d

General

Target

88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
Size

93KB
MD5

7c40316771ea9ccce1fdbbec5a46bcbc
SHA1

5286adb6a11516e1b269ec95bd44d915983575f6
SHA256

88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d
SHA512

ea9003e76bd1e18f8e4470e06dd62f4f616fb8a29fd2d6e1eae18460cff1d3b56ac133303d9fa5c3aecb879336c5f8c5fbd17602d9ac87b8d9ad2ca1eea91080
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+/da:6rWpcOPxPke+e3fFpsJOfFpsJbgEOD/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5030) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe

C:\Users\Admin\AppData\Local\Temp\88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe
"C:\Users\Admin\AppData\Local\Temp\88cb33a4a6c54800f97587ecc16f7668bd3a7457a55299d9edb91025a4f86f4d.exe"
1⤵
- Drops file in Program Files directory
PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
Filesize
94KB

MD5
4a8b2ffe5b6f353ef43332d16ae2ac8f

SHA1
e410e5dded1c870188b76db6be1c16b022f20850

SHA256
950422b413dd24d5c7e78bd9ab22b6984a861a753e620aefd92b59242de25255

SHA512
a083bb663e786f9549ae326830277ee4141e1949889b4dcf1d37fb633c319fc5c785ab54451503e2d4b7db98072d7ce93ed06951586df1592f3dad97d607cf66

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
193KB

MD5
94da7e531fec64a33e051948cb978952

SHA1
293fe65db04a30a6fe4db71f7be7bbf792917db3

SHA256
a48200f82c2f55e1cd0168b71cf7725f71a6860998d9eeec805ab9420a5e5477

SHA512
a013f162c626b154cf1e7cf0ab20061d3b05131f4fa78b9d39c1eceae5dc20e1e609eed4331ac94e0356dbc25dbf663f766cb6c6b2fe60639ca50604ee271127

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads