d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873

General

Target

d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
Size

112KB
MD5

16260f5189ee2b597713540f257fe460
SHA1

8714f1a10889a550b47cd7e0deffc8e02be11307
SHA256

d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873
SHA512

945c9e0afdfcd3d2cfd16b0576ce45ac94ddb718311f42b060cecb37c5e3ce0dda748d7de059d46ee04a689f0e4845dcc53eaedfdcf84f4afa17d7ed8364d693
SSDEEP

3072:6e7WpP9oVLQthbYY9oVLQthbUrt7tmHSXIBlf08qySzCeHbK:RqA/Hm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4921) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe

C:\Users\Admin\AppData\Local\Temp\d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe
"C:\Users\Admin\AppData\Local\Temp\d618ad28f0c1aa385acf344aeb23a72df8e74a3435f5e1164ea2534bab030873.exe"
1⤵
- Drops file in Program Files directory
PID:4132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1132431369-515282257-1998160155-1000\desktop.ini.tmp
Filesize
112KB

MD5
621eaef5a78192751ceb5ddfbd29b237

SHA1
d3c07917a2086f3b628f668e12f8473203837cbd

SHA256
f0a50c4bd6bcc15b83a64b487f723d91ed0ee55e97c2c6884d8eaaf4d4bd23cb

SHA512
d428a3dc1433879de70451bf5187085aa1a578bf1f67ac0de5733d5b9bcb33c0ed446ed965ca9554b56b5e867864f484ccc3328ec4dbd416dcf58712bca3f2f3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
211KB

MD5
dd7c54102c38596e38c1553accd64f26

SHA1
dd3d267da39bc42aa008071f6d087bfa19daeb7f

SHA256
2f5405c5071750b41125854b8d5310c0f2505b64695db74cf2a33a3a3c3a3756

SHA512
64b351ade820a575653171763544e98815a4aa0659d0d29d5fc8a57aac1505356451edd953fa2170cff371f654dae975a995d156985b622ee6ef73d003a3da66

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads