c4831797e0afb31db976e617424c92fbe3ae09ce9d259f4ed9d3c6a8541d2002

General

Target

dbee0d8ad03c55789c5909c73042b028.exe
Size

118KB
MD5

dbee0d8ad03c55789c5909c73042b028
SHA1

143cd7824a6ce069b5f83bdc949dbf7311f0d572
SHA256

c4831797e0afb31db976e617424c92fbe3ae09ce9d259f4ed9d3c6a8541d2002
SHA512

677ffd705d99c31cbd90a3a1e4195b98bb3ce7dff768f59bf03c4656bd0be8b562f4ab9ceba6b5bb493b617f19975f39ef4fd1074e67ad47187c9d1b25ad042b
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJO1:W7ZQpApjIWe+eoO6O2lpiMZiMwvxvs

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4815) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

dbee0d8ad03c55789c5909c73042b028.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	dbee0d8ad03c55789c5909c73042b028.exe

C:\Users\Admin\AppData\Local\Temp\dbee0d8ad03c55789c5909c73042b028.exe
"C:\Users\Admin\AppData\Local\Temp\dbee0d8ad03c55789c5909c73042b028.exe"
1⤵
- Drops file in Program Files directory
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2288054676-1871194608-3559553667-1000\desktop.ini.tmp

Filesize
118KB

MD5
a694251a9ccec5f43917af99cc5baa61

SHA1
1b09eab22d3469abdbd6b83314c3dff1043ce782

SHA256
9846978129989ab7bb14b5420c847dc396c05bc80acf0fa6fdca6ce6d48708a2

SHA512
d79a724eab3131083b353a1b6b4521ed3638a69e8cdc2649045db5b0fdde222715a304e0ef74505e7e9c5587ff38ff6caf96818814e052110b5ede39745fc80f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
217KB

MD5
d06294d3314f2d482b65752e2df4f3f6

SHA1
7f28928071cd2bcbcb50f8294c68af8c0c65700c

SHA256
6e89ab9897214848edc0e3d44ae051918a7a4bbc019c19661b457874108e7b05

SHA512
83beb0ae0237552d35f91260cdc3fd219942e5420670e603290665e805714bd70602a45a06ed7bed03100dd07951615bb00bbb6015350ab0623e3bf190109a0b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads