479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1

General

Target

479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
Size

48KB
MD5

dee5ac3f173d1ebc6857004ec33b9ef7
SHA1

b37a0613c3a7916ba831bb3964aca8be399c0d0c
SHA256

479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1
SHA512

981197c2a7bef27cdc78e58c16753e04c7990cd81d9e42dc2719dad0627a19b10e3c41a471cb37e6f99acdd4cdc2af156c724a5f56d8d1373ffb150f22608361
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFC4Nhdg4Nhd0:W7BlpNLpARFbhblkYlkuvIYFlhS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (520) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-math-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-util-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.TypeConverter.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l2-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Serialization.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-2-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.FileSystem.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-locale-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll.tmp	479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe

C:\Users\Admin\AppData\Local\Temp\479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe
"C:\Users\Admin\AppData\Local\Temp\479d363076b26367a75eadd12f1f5f773c57cafc7039f13216108899d6046ff1.exe"
1⤵
- Drops file in Program Files directory
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3760 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
48KB

MD5
ae3732fbfd72fd66d9e283d8a8260147

SHA1
0030f462d27171e2c782b25411b16dac0ef3f952

SHA256
78b75a8f5221f51ddead59beae455f2b6b396c3cc913ff60d2b9b64cf428f9c5

SHA512
20b3c927b20de51245cd2f7ba2b5130d525ccaf098bd49e5bec53160427c93960610ed07817e8a6de2a2f78ac08df341f608887e5ab7c7abb140575a3dbbfdcf

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
48KB

MD5
d56d59c1c462f1aa44a62506f7569177

SHA1
a9cf1a87cc1d811db76c3e64e5a4947eb998b8cf

SHA256
7ae6181304fe1d446c2e720aba7c71a2459d8edf3c2d22acdae1bd4c27332b00

SHA512
7390826cae8597ecb85d03c506b8fa104b66a6926042655e546b79fd942c3c8f1e93afa4f8ec36f473fbc4261ba14c4288ed1ef764e47a7c7501cc3c85a82eb9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads