f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413

General

Target

f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
Size

109KB
MD5

bb6859be970a8739d8b1d9ec6d6fd2c5
SHA1

ee78b5df12090615bf784f9854336a459e5425b3
SHA256

f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413
SHA512

7f6ff406005b4c7745bf61106fcabddfa107db5ccd3bdb464d3aa790dbc4d10e23aabc504f9c454117b44de5ebfdad7ab0a9a9e850e044f88cd7201ff64a30ec
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJds:tFPxPke+eI2GS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5014) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymb.ttf.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe

C:\Users\Admin\AppData\Local\Temp\f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe
"C:\Users\Admin\AppData\Local\Temp\f2a73a7128e4d1d7a6327285334347fcd0cd80075ddc3983bb218116d6725413.exe"
1⤵
- Drops file in Program Files directory
PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini.tmp
Filesize
109KB

MD5
d2055e82b7f8e3971d9e211fd3433a27

SHA1
1df9dae4e4a06e294f8a2fe1a501c842ce312091

SHA256
a545fc244fe988868e56d8d236701e45e11e48434683ba6a516e76fabc4af1cc

SHA512
b4d155c3fe0749efeb9f15122e396f3daedca50706eadeb0aac2dcf482e1c621a2d21111ae06296ca0a78a203201e5b2c3708b989f35ab26684212b9b790bb86

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
208KB

MD5
8d736244160123d5ea415140cfad977d

SHA1
27eece6796dc34cfc7aa75fdc4c15a61a8819da1

SHA256
fa07466f539114602d9c16f303fe8df04425d8431758049f14d41d6e690f9aa2

SHA512
8f9f0352740d26b8bdc07d2f215cddf1e6e6d02e021476cebc2c2dcc4bd7ada4208d246c73f9e121383e5357202eae36c78460091696c7d6aae780dd954ed0b5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads