a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac

General

Target

a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
Size

74KB
MD5

0ebbdbaee340da31450ce5ad667ae4e0
SHA1

de20e94ecbfe0e2c065fa27fa14667a5a44047c8
SHA256

a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac
SHA512

3be3291a0015396ee72dba2680daa70e29482324810154ff618837342436afc19e37785ff3c313fb4b49c927a254cd2e56f40f51a009df333a40fcd3fcbb8bfe
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/hZGFWF+ctFXcVr2FWF+ctFXcVJ:6e7WpMaxeb0CYJ97lEYNR73e+eKZyFWn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5044) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\ConfirmSearch.MOD.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe

C:\Users\Admin\AppData\Local\Temp\a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe
"C:\Users\Admin\AppData\Local\Temp\a54360ddedb09c3445ca58ef169dccf0d7f72417ce19e025b6400166ef42aaac.exe"
1⤵
- Drops file in Program Files directory
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini.tmp
Filesize
74KB

MD5
3cc9c9d916c88902e8e446f78bcdea02

SHA1
fdf1de7c00f2f17b19bf629c8851140a2e708d01

SHA256
38b3bb3d289e986f243aeb4fdf0b65f95595cfcb8e302487fc5a85172fb544b5

SHA512
4db2adf7682270ebb6eb9914393b3ca1863da8335887b1717377f93e6d043fcb6e051a79fec5f8e26cc454f23c11f44751ea4a8b893ddb00535211b05bc08aea

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
173KB

MD5
7345eabe96ad81e5796c471063dd7d4c

SHA1
d322d544604004e1d62f081de12b031ebec27b6f

SHA256
07c977411458398bd3613d9ff4c1e41b13c6883d45848bcb01d0704660861c34

SHA512
128e42cdf764a62c6074e7cc385ae6513fb422645381da0d635dc187e2d8333f0d80e745f74a6de574e51b14b00c3308d208c89d7b9f5cc08d45ea2047141fb8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads