6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa

General

Target

6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
Size

85KB
MD5

3c9868d648a2a6eba861504d8f663d00
SHA1

210978a82897863fb3ea4c9ef1e6f126fc6924cb
SHA256

6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa
SHA512

e5376a740449677dfdd11eef3b13b0b9ce60bb94978c085f980ded145d9991805c496835bb9152e0a1fd7a2c763af21608a72e9192e8bf4ff99f3b1b388af2d2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Wys:6e7WpMaxeb0CYJ97lEYNR73e+eKZy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ul-oob.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL002.XML.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.MSOUC.16.1033.hxn.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp	6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe

C:\Users\Admin\AppData\Local\Temp\6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe
"C:\Users\Admin\AppData\Local\Temp\6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa.exe"
1⤵
- Drops file in Program Files directory
PID:3492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
85KB

MD5
e01fc6099e7461fe1b9f23566ad94126

SHA1
60a3f6eed43f5cbef6340f737d0370eb4e09edd5

SHA256
801508f1ecf43861dbce47b6e4500a54867d140539d88b629094e1cdb121d395

SHA512
cf36f0f733d23859b0f625fbda2cb516c4431ab24e0d0f890632bb609f41bfd0142ba1a4e1c9beccadf4e79d07e23e457d7e7ce56b49998da19d5adaf18ffd1d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
184KB

MD5
a2000f63b4005502bd1b088135cd0209

SHA1
1331dbdb8500928b83f4927ba052fadb177ace4d

SHA256
960e1594fc0f5f29159d6e4e29c372f8fce64f129744f1bf725ef4bde28b431a

SHA512
c881ac4dc983436f70639ffd903c907c8a9ace041fa4d93322f95326ef5383fff20a59fa6c7beab13c2e7882a9063b968432c1493ad8f8cc1307f3644d6de004

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads