79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363

General

Target

79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
Size

40KB
MD5

39e12b81c5a3dc784f00de4b1b25d015
SHA1

27fe91323133fb629d24097afe106e3ff5cc2d01
SHA256

79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363
SHA512

b751bdf063ed8b7cf721eaea41f7fb9b740f8bf17686c10da0c9ac2af2d97ec5c5d4df3e85c18f6b754634e2a9835945e74e4af7e8e4395736e00568f8478bbc
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFG:W7BlpNLpARFbhblkYlkuvIYFG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4827) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe

C:\Users\Admin\AppData\Local\Temp\79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe
"C:\Users\Admin\AppData\Local\Temp\79f63894e36cf6d0fbfccd38090b72c2c8436d4c778168cc78998586548d3363.exe"
1⤵
- Drops file in Program Files directory
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
40KB

MD5
84a3b4c4228a675fb1ceb9d416c18929

SHA1
1d4afacfab820d3dd243bde071bc30d1094a4bce

SHA256
12435d06f6bfb45d05d871cd9a9de8e76bb3517900f2a18d583a02b69b02c800

SHA512
e311498050b9799b310e2e0767065c48f78bcbc49cff89ae43fdf62d341b7a5e17da67e42c19eccd37dab0aa3595a7621cea94d0c3065ad927c144514936e48e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
139KB

MD5
ca8069cf629eafaa1b6247fb6175c948

SHA1
ccc31e266d1c2bbe07f29416b194bea42cc33d7f

SHA256
d15256136c08dad8d0f10b92b3b8d4f5f3e975b9ad88a302be224daf5cfe4e5d

SHA512
fabf2f0c7ec4b4bccae18f11d08584130f19fbf95b16795f227454d35b48257a568d6a09d75c873f39db83f78f8b66ec92fb5f810602ace3557f7d93def28acb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads