94bdec70b833bc43c5468e5c29de624b25264b4be8637e6f0d78f514c8727907

General

Target

1c0e337f97623a72a37978d53d51b599.exe
Size

68KB
MD5

1c0e337f97623a72a37978d53d51b599
SHA1

219b6710aec715bc6028e83e99eb169b8ffaaffa
SHA256

94bdec70b833bc43c5468e5c29de624b25264b4be8637e6f0d78f514c8727907
SHA512

820285cc4fcbb45f58d2b29475e358ab1635166a850c02cd8669488f8a8f2dd6f70a17cc3cded174aa5258b30ba6a4a54d6f059f2d4a8f601e3c9c0936a6975f
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReg:W7ZDpApYbWj2WTWJe+e/qpM2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4998) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

1c0e337f97623a72a37978d53d51b599.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	1c0e337f97623a72a37978d53d51b599.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms.tmp	1c0e337f97623a72a37978d53d51b599.exe

C:\Users\Admin\AppData\Local\Temp\1c0e337f97623a72a37978d53d51b599.exe
"C:\Users\Admin\AppData\Local\Temp\1c0e337f97623a72a37978d53d51b599.exe"
1⤵
- Drops file in Program Files directory
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-355664440-2199602304-1223909400-1000\desktop.ini.tmp
Filesize
69KB

MD5
b5b154dcb4401b21d4106fdd4c2b7fc0

SHA1
598a3e7e6c1456117541b1416674f4571d62dd6d

SHA256
5ac764a1f4250f80a97139acfc2098a7c45626b99c9fa45d7a0e17c194d5b8dc

SHA512
7d23e7ab5d7b6005e19e347f638167b7fdda22cacc93ef3f128d553538cbd9d7e77120439f4d75b602dcd231e51063d96f393aedd489cd07b35edcc7696f7cc2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
167KB

MD5
82e8924791dfe9ed4ee6ab8d22154b39

SHA1
b4965404847cfc53ec46807468de6bb976e71dab

SHA256
56682cdbb08fe3ace5b706234002ceacd867d191e2515cd35a86fada7f29d5b6

SHA512
1d2cb28d845ba7a85c3970e8f670bdf5ea50df638669fd27b4b2c95dc7136c385760ad07be8bc820edd1682f81b0030710975ef753b63cb1cb0890975ac6a906

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads