664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61

General

Target

664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
Size

78KB
MD5

0094d3835923fb9736580799bc42e24c
SHA1

2dbd0e7ae7e1d1fc1072cff7d7a8732341820a75
SHA256

664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61
SHA512

a2237d544fa4a8af85a596f94fcfb79a6d8aae220390479271d817043ddcf5fc82f84799bb017edcfc50d4c3f0f33860ebad264c9b3ff3ffe2cba1ec636c2a5e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQo:6e7WpMaxeb0CYJ97lEYNR7Ztk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Pitchbook.potx.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe

C:\Users\Admin\AppData\Local\Temp\664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe
"C:\Users\Admin\AppData\Local\Temp\664ba7e7743f5836ce5fa856e08bafed36d22f9c845b303854c3fd6d670c8b61.exe"
1⤵
- Drops file in Program Files directory
PID:452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
78KB

MD5
f62787630fb1f76130ab9a22e9064b02

SHA1
1eff785393d13e0749d788aee37c2698bbbe9a09

SHA256
0e0a34e97fa6e7fc9daf56373f95f15c2470046eccba9008e1f692ca0671c939

SHA512
81f495375687cf30f1751a9655a6b6da41b1e5938fd4a9f6d6b5c4a0662fa8ba15a6f12af353a53ef2f1f2f11752c465656d5fd4d3f970b77fcbed87d3fff9d3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
177KB

MD5
feec9cb7e4053053878f6f0165a65667

SHA1
d702a0d7ae3f33e39bb511ab19668c66e0d74610

SHA256
8d4d0e54170a872c4325927538a6735c02af751b440328c8d93b10d758558456

SHA512
f04b36c35331b0cd79c6fe0512a0459668ca2eab23a8de00fd6022631512216299428d9ca9f03ed8323d3a867c253e31f58d1ce33debd70de3fcd7efe71acaca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads