7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe

General

Target

7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
Size

120KB
MD5

53fca088c56c80dc87bb388eb59e8f1f
SHA1

f9466cdc157f47cfd8cd53e70502453deb7169b1
SHA256

7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe
SHA512

1fdedf099b410aee48d6c3c7942a99a3afffbe9ab3efd2f887d263920979b66be5a8edb3e6aef42550db1c6a341be6c09e06645dea4949af22d5bdeaff9660be
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzF:RqlIyFESWu0SWuGSwxy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4850) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe

C:\Users\Admin\AppData\Local\Temp\7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe
"C:\Users\Admin\AppData\Local\Temp\7561857f6321f9f7127de378d6430fd632d4601fd7014622a796f54486eacfbe.exe"
1⤵
- Drops file in Program Files directory
PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
121KB

MD5
a2b4a38283c8e273fc309fc0c0acb7a0

SHA1
059785e956b5a68324ff6755cd942ad4019c5363

SHA256
b8b1395c34c6c5a19c83e5e7ca8456e216f1184451d5e15e6afebd53749a6952

SHA512
d6f27815b09a3d389407f755b8d7be5c1e80bd263b7456dcbd107b8bc4a74511877fdbe333a0f44f95c571e10a9872f87d12bc2a5c159c45907fca82592f3f9d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
219KB

MD5
6891f097555c4518f1b67ebb35e73392

SHA1
f2b552f186b7c1ee0fbe86e631bd41a280d274c8

SHA256
5778c3f79fb2fc7e68e2d52c3152c9d3ded2cd9ab11b1bfc070d7e5e5d8091a5

SHA512
3d61ece64a716126c06e75d4e57ff86d2ab7ed33101ee0720a438a7be466e009f1044790ecfcc01d664f5457ba123d238dfc4d0f9044f01c47adc4311bfdff96

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads