390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102

General

Target

390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
Size

96KB
MD5

0863815e8e97e2c9de87b43c0d55e950
SHA1

5a69fdd800cb995e041a8f99269c2414f58f5601
SHA256

390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102
SHA512

fc531c5e3c0295d67e27b98ae1c906835d46500c5602f6764a19a270d64edab7bddf85584e0f4ad4b8f417ce145f40ca23b1f457f7039f088a5368eba6d968a5
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76zlJOblJOh:6rWpcOPxPke+e3fFpsJOfFpsJbgE6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfxmedia.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.map.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ml.pak.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe

C:\Users\Admin\AppData\Local\Temp\390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe
"C:\Users\Admin\AppData\Local\Temp\390cc14903ea1a754bf06b74cb618dcfeafefb6854cbd85fdd09871c94ff8102.exe"
1⤵
- Drops file in Program Files directory
PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
97KB

MD5
efe5a8db07eadb8dee6401c0b7e79db5

SHA1
cb08c9905a98ecf7ee1417af4cad4d2a0cac4919

SHA256
e2fa70ff4717119734103a74f61b2b083a0aadb86952b4018fb3e4cd971f6412

SHA512
085f996f27d68ddbb8f28d3b78b77e25dd9daf6ba54b945d6571f9995ba873fe5628b8fd3cceceeb2ed78146d0b593a0adae1fd4a67686962da3835502d8a5a4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
196KB

MD5
ab8e390e23ced26865870c450b8b2681

SHA1
04bf83566af3e36da2675991e9e54bf474778741

SHA256
5627e330df8fd0d5da51d4b0cc760cb381f7bf64c7837ca4f52f6e54a9ef8d4f

SHA512
186d407b015dc3ee4d499769726a82fd613a82242e128b2199910da0316ffeb049fa33bd0a7da705cf0cba5adf513c09de486cdbc299268ca5d076ac4dd41259

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads