aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0

General

Target

aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
Size

94KB
MD5

6361c438da566fe6f33ff431d78abc95
SHA1

19e31583ea9fdebc0bc4a938fa45602eabd1a199
SHA256

aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0
SHA512

7421826850bc9ee45206e28774e1f9274bb228e8c74659edb205d8ab774a308f56a99f0372eeb25c2e582cbc5e56175e5d4b0fe0f0bf5d932b1435844d428324
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP761wewz8eE:6rWpcOPxPke+e3fFpsJOfFpsJbgEJRxE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\AddSync.vsd.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe

C:\Users\Admin\AppData\Local\Temp\aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
"C:\Users\Admin\AppData\Local\Temp\aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe"
1⤵
- Drops file in Program Files directory
PID:1284

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
95KB

MD5
388ce93d634d73437ab4d8135ba48509

SHA1
1e91f5930a1c1daa5a68d798666095a5a69a9e94

SHA256
e4f3c9c92d7f4cf97a01590c09a1b07c4d9543423597f3d5992127a3765fb2d1

SHA512
bd932de842d7e4c84097a6e81e86c901b2cd94417eddcb25b2cf2fb0e516cc5dcbe2f4e3600d5b08ee0b4254d0231ca57022f4619a34191777c7fecae576158e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
103KB

MD5
fe2a0f59acef4b08a666fa590e18ef3b

SHA1
c1e45ba8badf495e29e0c9c1cac6194f3228aba1

SHA256
d611255886cd15298885137c94b9c6dab7cbf997789585659480cf0a1ac7afbf

SHA512
be0dcb76d568d9c256a82df694ee7c77e938e1c6263dff690fa0aad26c97f286f55a840b3fd49f79b60d4a177c7b584798489be3309ad6a50f18d586cca22bce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads