04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a

General

Target

04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
Size

80KB
MD5

0dc94aef173faef65c335c6154dc61a0
SHA1

3488b1b018937b143c6d4545d6a0fd00803626b1
SHA256

04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a
SHA512

aede2a8c9ba752a2cdb33944927abbe7c91bac2595845dcabca2fa3b5ec0dc66dc5c6eded8d930351e86f0f0ce0fab002b7b27c88bbf299b2468914698575b3a
SSDEEP

384:GBt7Br5xjL9AgA71FbhvoBl8sO4UbXSR2sO4UbXSRj:W7BlpppARFbhx34Ubb34Ubw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5007) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.LEX.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe

C:\Users\Admin\AppData\Local\Temp\04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
"C:\Users\Admin\AppData\Local\Temp\04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe"
1⤵
- Drops file in Program Files directory
PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
81KB

MD5
1e88d9c9a4221792ce309f1554d3644a

SHA1
97af6dfa88dda9a12f7f09e989931acac35f60c5

SHA256
3028f2b4fde783d78ba27d4a2fdbf8eaf08aefdfcab5c4096ff12a63648bff06

SHA512
c794451f270527e85ad80b309ac085c33506a4b18c8cd0214192863d056a3e2ea883af88a0b7c3e713c5ec7fb60f9b0a7f86aa778298df7e17252ad066c0e82a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
48626f03ee96da21299a919e9858b601

SHA1
0c558da7f56811d5939468b662925f067a90809d

SHA256
2a8769fd91a3543905d273e02818fde77414133fc7b8a0d369b034e1699d0916

SHA512
1ed430034c9ca8a23c3693680c4d670c2444927ad17e5a10c1419316b79dea15fd140e6dca94d8e3ef617e3fe826055423fec997e9f52696d2b130bfd0bfe3ed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads