c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4

General

Target

c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
Size

77KB
MD5

2b765ebc0f729a315e0182d19a1a507b
SHA1

02e6894189e6daca07a887e433d8e630fced8bce
SHA256

c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4
SHA512

1b377ecd9bb9c42d4b6e59cb61fcb89c97263101fabd7bc2f8a055f9fe0b7c22f7e0470503eb522e4780e9c1ea6cb0de1639d51970a8557ae5f50b52a09a9760
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6:6e7WpMaxeb0CYJ97lEYNR73e+eKZ6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (413) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Debug.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-profile-l1-1-0.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-time-l1-1-0.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\CloseUnlock.emf.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-runtime-l1-1-0.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.EventBasedAsync.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe

C:\Users\Admin\AppData\Local\Temp\c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe
"C:\Users\Admin\AppData\Local\Temp\c97fb8e75511623854c1f8360973cbba0de03013fcafd616e751b6b22ed773e4.exe"
1⤵
- Drops file in Program Files directory
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:5100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
77KB

MD5
3ed93806634b68811bcfba180aa53bc2

SHA1
ed1ceeee12cc992a71d9365dc98f086979eb2611

SHA256
81425473b4787ed58d057e83f3ca8d7d4d27469d93a9857bd811015c82fa30a3

SHA512
869df98d63e8422e72cc1d57880873d36d0565e4779b831b52f249cbffaa30066eb7caf650f1af523295386d391034eb9384b8d07a845a02835ec2e0ba33503f

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
77KB

MD5
2fc27930051c1bb9497e5966795d43bf

SHA1
7431062673ca050c038b8069f8fabb078ca93002

SHA256
0be71b5631db1f5c075464952819308c93b7e7ebc7dbdf88a2bed2ab8adf3c22

SHA512
a66391c83afd4406ec4f30f7733c9eb9d2eede5611fe67ef78cb3d696c0af20f86a71cbf13991a496e492a90e1e237807133e6678d94ad83c1968bb3293f4255

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads