95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804

General

Target

95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
Size

81KB
MD5

7b1d25b9579f8b15264cde809dc13a8f
SHA1

9a49def10534d96c4d3c690138599d5ac040db7e
SHA256

95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804
SHA512

bac6de81d5843525cad6195d39979c43b9af8584e85cb354121f9b60b6fbb35b392191d1a704783c98ce7728625e2db78e99d7421a481f5b50a0f2b3400fb115
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vR:69WpQE0ze

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\FA000000006.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWAD.TTF.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe

C:\Users\Admin\AppData\Local\Temp\95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe
"C:\Users\Admin\AppData\Local\Temp\95291ae2f2255b6b5ac6eaaf29f2af44a6d63bafc04624af9a85af7c390db804.exe"
1⤵
- Drops file in Program Files directory
PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
81KB

MD5
864f6fa70c2a443d9816f28383f6d977

SHA1
2aa1b5d678c8ba17dd5f7a816393982a539df7f8

SHA256
25e8d62766de545de5be21da5193975d59080b3bbd81e60618624963af12fdeb

SHA512
1a58eea936746faa905edbdd758762a8c6c9b9ffd1499b671a2404ace8e22fc4086f8fd05e27e0a757692502947260cc489c748b9fe4fa33bcc41f6a506d7123

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
264b2a00ccf6ea787a2522ffc96cf575

SHA1
347861974f0489309b0cbe6e0f10ba08a410b782

SHA256
b74e6ab8d120346054ef114ef2cbde6ce7d87a2a10b06278f41be41c69d4d665

SHA512
80fbcca66dde61215822be285f857cd2b5503d25eee9163592003ceadd610627e32c75808f0a681697330829cade4c65736abdf3fc4118a6e373b42bcea082b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads