f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77

General

Target

f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
Size

91KB
MD5

a03f06e32300264b7ac613dac52d14ed
SHA1

13ff893d065e4381382b9393baac489fcee12032
SHA256

f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77
SHA512

515dfd3a948516cbb3e2b9acb9ff914117d057b8f52106e03876aeea42ef8c87313a6e69859b2d8c7b1c07f685cd9e00f42c2bf22525c8d6050b5754525b86b7
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN8y1Sy15:6rWpcOPxPke+e3fFpsJOfFpsJbgETVH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5049) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnvr.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\FA000000006.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Resources.pri.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\manifest.json.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe

C:\Users\Admin\AppData\Local\Temp\f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe
"C:\Users\Admin\AppData\Local\Temp\f322dab24f36a05ce00676b31d160a245dffae7c933afb775f036bc6cb991d77.exe"
1⤵
- Drops file in Program Files directory
PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
Filesize
92KB

MD5
8831ca5d686fc1425b782ade71e838e8

SHA1
ba0c644b70fed3a8c510b4eb7719282d283f5b79

SHA256
bb1fd854ceb90142019c9b1ac47e3dfccd0ea0009bc7c2d0840a9d14095cf084

SHA512
7f718edc3e654a616caa79fcebfa76afb2e6a541ce06c505ba178a492c0fa7f688f7c523fde19b91de67da67d0550de720cfc80f188517fb9be55d79960eddfe

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
190KB

MD5
6b21ece074ee0034fe87f67ebf978cf7

SHA1
f8dbb10d315c56465338f52decc6325958e463d6

SHA256
4f2aae4bef1203e73440a8bb5ec183668eae0d60e44246d61ead5f8fb7f74080

SHA512
6cb050fbb0b85f5d51783a9ea6a4603bb5e32f9f8e2af0412a539039e63f648347cf9bbb5c2f1fc61312767f85a6e3c83e629f0b36c5e621f5f3de744d0405d0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads