eed211b027c5986b4d8defa4982849fd22cbc535c2114e8aaadff099bf1fea20

General

Target

d2d89d123854b24f37501aa447925630.exe
Size

75KB
MD5

d2d89d123854b24f37501aa447925630
SHA1

163ee61f565647cab03314cac4d20e9767c0dae8
SHA256

eed211b027c5986b4d8defa4982849fd22cbc535c2114e8aaadff099bf1fea20
SHA512

3f6d2496677fd477664eb0b9426a9058c8f84407c7d307ac4f21bfddb1358fbd24ce71286e6726b62c634f72a7b3e9f427be5c5edb2c99ec747868291df502af
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg99gwVHyVnSQTQbzjrY/+TQbzjrY/Rc3Sox/6Sox/qo:W7ZhA7pApH1IwVHykEElEa0NQn0NQp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5179) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d2d89d123854b24f37501aa447925630.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\TimeCard.xltx.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.boot.tree.dat.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	d2d89d123854b24f37501aa447925630.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	d2d89d123854b24f37501aa447925630.exe

C:\Users\Admin\AppData\Local\Temp\d2d89d123854b24f37501aa447925630.exe
"C:\Users\Admin\AppData\Local\Temp\d2d89d123854b24f37501aa447925630.exe"
1⤵
- Drops file in Program Files directory
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp

Filesize
75KB

MD5
cc7cda3583b6632d378904d5ebdbe727

SHA1
b4638687b9447a4e0f81e8be7ee370b1318227a0

SHA256
2d47889fa80a9f18efeb3c64000f15c2382fa08858c8acc9e96f91ca984ac3aa

SHA512
b1662703f57d15227e75775aac598eb475e308aebb4914cdb957d2d829e20710c4a1deed23539ce8d1f7964a8bcb2af71d1babe101259edcbc18c81c683210e1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
174KB

MD5
51f771fe90eaba608139b8c65e8b8266

SHA1
118120ce31d5dd0b2fac8f254c362523c5b5e8be

SHA256
c7c435688bee525709bb98062a263fa72f982ce7c70155bc378f9bb55fe0e1b3

SHA512
429840fcbb1f93e5ff70fa514ab508888e7298294e347eac5693aea95b0078f7773d37c1b8303b4e0f0e9abc5e311ef2dbcce4f37c06510ae835d3ce1a9cc9d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads