0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27

General

Target

0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
Size

82KB
MD5

b9ec79ad48d14b1b438464f1854ae4d6
SHA1

18c83137a61b8e75b7045b543c1d11dc37d64c57
SHA256

0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27
SHA512

5c4260e1eafaf854160f701d01ace0504a3de3d1e8649736e0a8111b7d4bc487c5a2ad29bfbbc629fa52e63eedc4f307c578151dd045cd3a1f93d5aa6b144b44
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKK:69WpQE0z7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5114) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe

C:\Users\Admin\AppData\Local\Temp\0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe
"C:\Users\Admin\AppData\Local\Temp\0cb7026d16206b6db16b1add2559548f24070c38ee654e97712bff2ea9d49a27.exe"
1⤵
- Drops file in Program Files directory
PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
82KB

MD5
2e85bcd548004150f6450b6e5d41363b

SHA1
0dc1bea3badb6e5a3ba5109fae30dec401e4fbd7

SHA256
a8e8612a5ec50eff7973e66682a478fe7f9193214cbf0f087246068269943b94

SHA512
42aaae12a3d9f3bfcd7b6a79a1b6ca7c96dfb8048192295b407745f679edefe265fed00b3d24c99621e4b0cbfe82045bd5fc88c9825df3241093d5fd853280ee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
343511ca6fb1f121e0033abaa7267a86

SHA1
c7a487c60a50fed9ef36bb5a12bf5cfbc24d0793

SHA256
19939d79c4f578e300631d541f5fbc78cb2c713188786247511b49e38b8fa627

SHA512
1a04b56074e72c98c55df1f0e5744aaceacd1d371b6caea6d56cb6d054a42336f0518e7b644f5c974ae623640b0e279c01dfed762988e86364b274f88d58b6bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads