78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e

General

Target

78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
Size

40KB
MD5

842a8ec856136eabc8e77fa5ebd41d44
SHA1

34312b412f2ab363bcfeb5c3db3bec272dc0a8c5
SHA256

78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e
SHA512

4bb173e4afa30ba2e8077d96873586a32ec137fe7cb9cf7d08c08f47c806f48ea25f23e5a427a90dfe0deec7a1b328945708410e378533a137ac5419ef82961e
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFj:W7BlpNLpARFbhblkYlkuvIYFj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5046) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe

C:\Users\Admin\AppData\Local\Temp\78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe
"C:\Users\Admin\AppData\Local\Temp\78908d9a189b5f1304c39c0226c8d56ed390e5edb0bac0edd784977dbc7d047e.exe"
1⤵
- Drops file in Program Files directory
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
40KB

MD5
2f9498170a2406b41c496e47bd3bd960

SHA1
f857508c17aa73af9a0e02346f23907dc1a3beb6

SHA256
816e4b8212cd95ee4f820d25f9d358b025708e3f24a68e37c325f66e1c549fa0

SHA512
9ba52100f7aa64a00b5ad3d22a2bad92e8db15db093325f1db31c6f5670ba9e8235c6badfd189ffefa5fdc20aecbcaac0af2036c741aecb9d7a79e1af7833a97

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
139KB

MD5
5b1547f402cb9ed740037c469c8bd239

SHA1
791a0874a39bed97a39ba9550750fe90f0877d3a

SHA256
194934212adc7056af3a7780ab039b8a5b0b1175a7876224e55b614fcd00b7a9

SHA512
236773a23160af0edd4121b67d223af2e6e4c5675a0e928ff76d6b0e8db14ff20129746ca3a23f4b238a0e9ac956723ec87f37e9cddd3e602f53c8a71dcb90f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads