84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a

General

Target

84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
Size

80KB
MD5

293cdb165fadbbf1c100680c0a13dc8d
SHA1

c31571379c8c085d6c77d91a1ae31061fef6c361
SHA256

84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a
SHA512

fa6e1702fd198f111c83f9bd0541b7d8bc1d04c9e8567bc468c632d68d498c5575c6551a03cbfae0fa01c62ac986b018770afb80206b807d7803436db423d743
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHi:W7ZDpApYbWjIlE77ufL2e+efZwZavG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4905) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
File created	C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp	84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe

C:\Users\Admin\AppData\Local\Temp\84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe
"C:\Users\Admin\AppData\Local\Temp\84ffbfba6a7bfb8e48ee92f7328b57cdcc328034c0a9ff26cc79dd86a570787a.exe"
1⤵
- Drops file in Program Files directory
PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
80KB

MD5
ad04ed01fda32369f3b6e78a50e7ba19

SHA1
976bf619f650d79cb1c121f99403c41a6318b2e4

SHA256
b34a1f89a440c566a236c4ed6a46c3f54a39243537968ad9385613cce08664b6

SHA512
58cf6e714077b09c8231827ace822e9a48082041d6618c4ec229f69fe0f93195bb5d86b132f1266120e027070656887713a8345d54bc4f3d5d7eaa991ab4c092

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
a506380b108cbea49895bd1756eca932

SHA1
204885fca4616eb0237bb3449954f7584c1010c9

SHA256
8010c1916fcc767e92aba04e1d3a394258812c3b12866c855a781fbc8989cb2a

SHA512
3f7b9468268afbacb4e9131d4426c6975ac837064dc84a720aa64def4a4cfbcc8ac09014a12abca3b108edd6b633a38cf50757ba34f012d44190431a217ca772

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads