01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b

General

Target

01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
Size

78KB
MD5

8bc17cc88c7df61fe31eaf630850e591
SHA1

90901967962c20f24ed9964ef731bda045aa4f70
SHA256

01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b
SHA512

da5dfb18fb9d53c483574eb8fa9eb321ed38bf3d6299c5f4a6e719cfac511fae7b6a1e418bf37f56324106ad2189ffefe9ce96e285d6f3abba3efb9a10669dcb
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGAzEWzVNOx0ypIzIu73mYdE9aC3s9XL7EWzVNOw:69WpQEJAzEWzVNOx0ypIzIu73mYdE9dY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4853) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp	01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe

C:\Users\Admin\AppData\Local\Temp\01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe
"C:\Users\Admin\AppData\Local\Temp\01aefa90ebeb270027a593525e443c94b24f4edb5c1cdb9baecdc465e74b736b.exe"
1⤵
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
78KB

MD5
daf56d9e1c248a11aebfaa51027ac396

SHA1
27c98c1e266e55255ad005e5a9c23dad049f9a79

SHA256
ee7ac84448c3acdde5c8c7a6c4d6b75e02f4284363bade0226d14ac9342ed292

SHA512
2c4d4a82fcea0545cd5770ade38ae05414329a00de06349bb66b17363aa25bc952990d064a723de6d533f1be16e8e873be1d3ec1c6d8e2953ea916ad77f9bf3f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
177KB

MD5
384e367d310396601126f98d30afe329

SHA1
a98d0a872904730aeb34c49b6d4a10aae0cfb556

SHA256
9e11206f97cf9a46cf54a5ec791448b6376bdee8df91706e7563b2a088373f08

SHA512
4b8ba1ce61cf447b9557aefa61cf6036954165a2925372aeb36d2b4a7b59da7e1f6367f49ee9508743ce43e187b6e06db00aab1895a2074e728bad972ba6baa7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads