acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d

General

Target

acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
Size

75KB
MD5

6d7ef447f08d536975b7a52eb7c52b1d
SHA1

4657c269903eb9b70130cddec831783880a8cbee
SHA256

acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d
SHA512

b6d556ce09206f75bfb147f8ad2c52e2954676ebeb2c7dcab88a7c95f57a1cd61c02a277a2072e69706648b383601bcef8ce7b918c34b589a59b3d24d588e6f9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/vSk:6e7WpMaxeb0CYJ97lEYNR73e+eKZvSk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5168) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe

C:\Users\Admin\AppData\Local\Temp\acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe
"C:\Users\Admin\AppData\Local\Temp\acd85b6772113de5bcb0c5b6fe85665f561fca93cb68c5280f44b08768a30c6d.exe"
1⤵
- Drops file in Program Files directory
PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
Filesize
76KB

MD5
68d1259f8e5608f2d63f0a5b02420f92

SHA1
0572386a195bd3a328796839f459de20763127c0

SHA256
0ef95f55aaff919b86ae051d8eee4bb8973be5a3c3319d24148d68ddbdb3b98f

SHA512
bfc6f62f52cd43239c0eb84f706f251b5f25a4d06da5042d38e6e27a3661e352c5a0b29080bc7dfc0878af29d98acd494f18e3e3caad760ace3e844b629fab5c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
174KB

MD5
a6e9611ac245602632ef6d4980aff35d

SHA1
8e366742fd4a8c22020262f33b320462a0dea571

SHA256
e1a9607d126303b326823073579dbc95d5a150a9512bf12af65f0425ab2d3673

SHA512
d24233d036ee35d1f83ae9b4207cd889f86e1b2ab61fd90fc6c62d136858e31892c45cb74c227242efa06e6bd2594a7628cdd556a37ffa1dc4bf8d231291f33a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads