b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5

General

Target

b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
Size

62KB
MD5

55fd908254d57a0ff9717523a8e8b579
SHA1

02754c2bc9dfc537dbf42ceafa99149b2ae325b2
SHA256

b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5
SHA512

a2e33cd6f152d887ed5e8c6c19ee9d594555c1459b7e173822e5005bb383ded302af3b8fff683b12c9dc5c8b77f269583a6010f5b22914fa6f45ea164cb0f0d6
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2FjJ1HrH/:W7ZDpApYbWjCDOcJ1T/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5112) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe

C:\Users\Admin\AppData\Local\Temp\b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
"C:\Users\Admin\AppData\Local\Temp\b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe"
1⤵
- Drops file in Program Files directory
PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
62KB

MD5
b9ff982fc6e1bfee34f78fb14d61e4e3

SHA1
777bd071d35e4a85d897f528ef58578f51f06421

SHA256
3abd0f79b11fa8f5a1c8748ea05c8fab47bfdda72728024c6102059f62386cd3

SHA512
428c47110450525e7bc066d9ca39f0e50e299d074d43b933179b0bcb01cd33f1c0bf0e864e78512bd632a6accd7f644aebab8fe516d529dbde9f47d5579b8a67

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
161KB

MD5
6d62c0c506e294a85e32edf43cb972f6

SHA1
a3cdd56f6d2affb326117fec720f83f4eadcf492

SHA256
7a58c9d8aa533f0e2aecea8de0b5db0e9f7eb1fd212da5af090dbbd28a18fc48

SHA512
eb27763a35c6dd4bba435573417d9b66d6df3d0805d50d4cc0e76fcf8bdd80ec0eb6cb216d3315f6ce561f12fed9817b911ec591b68492886ee60f304024c36b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads