04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03

General

Target

04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
Size

76KB
MD5

1472466f3f5b09030eb4d4b382e1f281
SHA1

d7cfa2bc33cc1d08a5a380ada8c3f2c7a309b6a9
SHA256

04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03
SHA512

abb74de6fa7e565d6bae04e4debe2f6b31ab7165fe7801c0b4d52c28d04a8a3e6e665f0545f16f4adad64411357e8430823181f357752af6bc665c208a71f596
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/h:6e7WpMaxeb0CYJ97lEYNR73e+eKZh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (599) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DisconnectStart.vsd.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe

C:\Users\Admin\AppData\Local\Temp\04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe
"C:\Users\Admin\AppData\Local\Temp\04f54ed94b77ba27ec848a8a4cd911967ce56f96cf780f370463648641517e03.exe"
1⤵
- Drops file in Program Files directory
PID:1928

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
76KB

MD5
2e5922ccae56d758ce1354329b1af789

SHA1
9fb36b16d453d8813283b1373294229b9eb4fb32

SHA256
0dda521c21d66d87a72f855790567491b419999678b744c913ce792d4f2c6a21

SHA512
f06a95d1350b65671390e415f9770ccebe8a4a2b918ec6923c6a4923c1fdfb3f689bce56bf4b11e8e4925c5c682d52dabd9677f830d2042c5df0bd173eae460e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
ceddd2f5ee110d002796d76692c10381

SHA1
5e69a60046ac881eadee70cdee3acf59483cb727

SHA256
e6946e9ca64abafad5d1ae596f9ab1ec7b3e2b69032de7ed39a099e2e1dcca1a

SHA512
be9f56649025f223d961c59f1a72140dcdadcb4fc48b95c544fcfd7c5635041fddc21a82dfbd356ea62fd33ff21be191869b309f13f8613ceb87ff01895b9197

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads