afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075

General

Target

afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
Size

92KB
MD5

a35d559f7fb52b1edf1b9798d3c75129
SHA1

b0bf8c95853c23b4d5b5362e30d98551846d3357
SHA256

afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075
SHA512

bcd49172aabfb78e7f39d984b56187bb976c1af887f1816aae011315c249fb2889272620c46861b003422d44b0e553b5198f4ed1b0d984e55425bea443a2b1cc
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+z:6rWpcOPxPke+e3fFpsJOfFpsJbgEODg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5115) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe

C:\Users\Admin\AppData\Local\Temp\afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe
"C:\Users\Admin\AppData\Local\Temp\afbdeea85764f2243247070ab6449a3ccf872593f95460febf3ec5ffe0d9b075.exe"
1⤵
- Drops file in Program Files directory
PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp

Filesize
92KB

MD5
e344022840be691029fc5ebb31ebceca

SHA1
b53a05a11cdaa86fb6731d3b7a22112ecccd76ea

SHA256
428287f406c28259d5528fbac404e4b96a2ee24d153f2b98a9b5e1c45a5412e3

SHA512
6e19b5988c2dcae2bade6dcd7d737904a9ce557c00c6a3073d2c71f0128cce1750dc55fcc52eb2ef7ceb75215188b53e0e96590144cafb7e1f859586a6224837

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
191KB

MD5
4b9bbc4187d67dcc64755a90a5a567fd

SHA1
acd4a98edaaebd2706e812fabefabfb41fbd340e

SHA256
d592c2c473120f2d4c9844412b328b5d26e5afcd4a386bdbb6f9ca01640e75b2

SHA512
ae270a6c0e43e5cd182e4433740fc4cb312ad42d5761b632f0bf9764036d454ad1273747b9c157251111577a4eb6cda58462bc49002e6ca550b4872a786444ba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads