b5b187cbe91105f49974e914b58bcce30defa917e6b2a535a52e37cb3652d6a5

General

Target

547b0ba0c2c7e868a6a0d48728c977e3.exe
Size

124KB
MD5

547b0ba0c2c7e868a6a0d48728c977e3
SHA1

43c7fdd1aa9d60d8e4fe1b02aa1f96f12c9c20cf
SHA256

b5b187cbe91105f49974e914b58bcce30defa917e6b2a535a52e37cb3652d6a5
SHA512

70f0c60dccfc73aea9cabaf6eed6ea4beecab2bf422cf739b159e43d9edc2bcbd99959c647cc3678332f1d4158ba28b09c4644dabf95ef3425136f3c5af54456
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXpFWJq:/7ZQpApUsKiXp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4805) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

547b0ba0c2c7e868a6a0d48728c977e3.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\dicjp.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\nl.pak.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	547b0ba0c2c7e868a6a0d48728c977e3.exe

C:\Users\Admin\AppData\Local\Temp\547b0ba0c2c7e868a6a0d48728c977e3.exe
"C:\Users\Admin\AppData\Local\Temp\547b0ba0c2c7e868a6a0d48728c977e3.exe"
1⤵
- Drops file in Program Files directory
PID:3660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
124KB

MD5
581d637de5be8d6eaa843a1784a33a5c

SHA1
04bfaa38d209f8ffb8693a7dbea4bd8bd9867375

SHA256
def2c41eb634156ad6724de760ebe6aaad715c0c370bac90bcce02c61c651ac0

SHA512
4cce594934721808676734f1f5ce8189011941c5b709e9d85f6ba5d7e2b016484da11dcb46442d7756c3b5f3e3ab4f572bd71deef8606e9845e69eaa3a7959da

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
223KB

MD5
61e6173c1518b90f066b2d5d7a38fe67

SHA1
8d7ec53a49285dbc52f37cd8912cb4bebb25c7e2

SHA256
3d8e47568ac6f91f6eca779ab1425e11f98ceeac8583b1842deddd131d057430

SHA512
e92e2e9715e3b63a1273352e2afb18e3f90bda6bbad0f9eeda05517279d00897c8a0e639b093d4c401133cfeb0bc02d81e66c4e28d8fb583751f93d2d78a3325

Download Submit
memory/3660-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3660-1638-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads