a1fc067091c3f90fc585ec9bcca661238a760740a47d3a6012de1e5de101c049

General

Target

9c7ff7c7b8cba530f527b1c909c05529.exe
Size

150KB
MD5

9c7ff7c7b8cba530f527b1c909c05529
SHA1

c2cc6b6e5f2a9df5b768e6762c993ca2c005bc0c
SHA256

a1fc067091c3f90fc585ec9bcca661238a760740a47d3a6012de1e5de101c049
SHA512

4256f02c2f8931ad811ca42be608434db6573709bb2b54fd247611f123af0d58386d82b513a1df5cdcbde0d5f6571606dea6786b463f3b3550c19254ce09534c
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZz7Tib+1FR4eCLOhj0YiexjL:RqKvb0CYJ973e+eKZz7TiGFRkC0E

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4680) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9c7ff7c7b8cba530f527b1c909c05529.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.security.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ml.pak.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	9c7ff7c7b8cba530f527b1c909c05529.exe

C:\Users\Admin\AppData\Local\Temp\9c7ff7c7b8cba530f527b1c909c05529.exe
"C:\Users\Admin\AppData\Local\Temp\9c7ff7c7b8cba530f527b1c909c05529.exe"
1⤵
- Drops file in Program Files directory
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2288054676-1871194608-3559553667-1000\desktop.ini.tmp

Filesize
150KB

MD5
d81ea7fd61771b82ffd5e2cb51fae4a7

SHA1
88ea723939b3c9b9c5e196da5a59d10c639e07f1

SHA256
9a915561c0ba2c6ba6157c564306ca4a03d92b6a0ebdb30e69cc9737ea5d1278

SHA512
3b3f6f52bb0f95a3dbb05c9e0f9b21024768d832cbddaa4cae5a4120baf30454724b453555491b51fb12d8e4c2eff86331879881b0b6d03314e133a7c089792c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
249KB

MD5
e8c6cfb5f264bac3eccb87305ec57395

SHA1
ebd2837b94ab390219ef6f474a61ca0fddffd7dd

SHA256
c2f2300bcd30ab4c80132c15980b176a68296609de69eaf42525939c71dd8e90

SHA512
57addc8bf59e0a5989faa467d03cf681b477500ff3db7570bca48d3f26ea5b9d4aa2e78501574695f80fe167579eacfae79dc27863e2634a67c31c463ec561f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads