df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c

General

Target

df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
Size

68KB
MD5

d341c819158621bf03b6706c178dd95b
SHA1

79f0fe0ae042e268ee0b7f348578343b7aae77da
SHA256

df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c
SHA512

7b190aee833e176f8c6f2873831aa5343233abc7b2037b7aff14799e78d922797beeae629746348068fd1f9e723aaa6db6e6087a26444455bcd3230c748145cf
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhP:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsa

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONE.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XML2WORD.XSL.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARAIT.TTF.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe

C:\Users\Admin\AppData\Local\Temp\df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe
"C:\Users\Admin\AppData\Local\Temp\df3463a1cddd5ea5cce8a4c4c8698d2f8fedffd95d41fb285afe8b7cbe90380c.exe"
1⤵
- Drops file in Program Files directory
PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355664440-2199602304-1223909400-1000\desktop.ini.tmp
Filesize
68KB

MD5
cb6f1f6569df1caeeca7ead811ad1d85

SHA1
a5b1fe15fff26467f33e1ebdf9cd65e419c1c940

SHA256
fe79fe3b8e16567761837226fe0dd40e606e290de76de9a9256ca05037f96cf2

SHA512
52d8e3e935aa9e352b570f8d3b40c8c2eb0765cf04eba1f67c30dbaaa492686ec1bb8aefd8a1bc7b37854937e5edfc8663fc29355a4b5dfbe01b9aefbb2e3192

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
167KB

MD5
e443146e5aa161cbc74a1550d2d1127f

SHA1
8984692687caf315dccd74c3356ded908d4b38d4

SHA256
dac3c2ad81cac48ed8e138eaf030863b2a56e9875cb7d8be6a8c97254c4e9ba3

SHA512
7912f15da671b18b0c5c0d52fc42ec481bf532c95b2c0de64e1858f6cc4673ab38cfc0fd2e56785172f20fb28dd8acd6939e4f66c050372eb497c9c60216fae6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads