13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275

General

Target

13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
Size

79KB
MD5

59957c1c4894e03adda1e03c27b00c9f
SHA1

ffabe70509fb31fbc25c247f5b20e16331880018
SHA256

13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275
SHA512

a88b6993975fc7e05e984ec5dd9feee1647276ef4f25aaddb426bc62ac73310dffd6b7759ac080cfbbefbdbacf1e939a9f67499061888d6da39275302108b4d1
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7uH9uHo:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1060) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Dynamic.Runtime.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-conio-l1-1-0.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\D3DCompiler_47_cor3.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationCore.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorlib.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Accessibility.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebHeaderCollection.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\ReachFramework.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\DenyCheckpoint.nfo.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ValueTuple.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Expressions.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\ReachFramework.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationTypes.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationFramework.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.UnmanagedMemoryStream.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Luna.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-fibers-l1-1-0.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe

C:\Users\Admin\AppData\Local\Temp\13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
"C:\Users\Admin\AppData\Local\Temp\13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe"
1⤵
- Drops file in Program Files directory
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
79KB

MD5
3c99a8ca1eb0d15bddda1278f9068914

SHA1
51b0f015dbb3b51e5d42905bc9c4168155ac440d

SHA256
cb238b0d172b5892fb70ba39b7d6581c3018639bddab8ed61868dd681dd8e813

SHA512
8160f839be1e4575cf99025776daefa11b8d838df53494ae7bfd99b459f74dc7f2077a184a2316c203518e15558a1f2c554f4fa9bb0652375107c989e909b1fa

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
79KB

MD5
e393ede34853596b9bebdb2c6eff8f3b

SHA1
1fb33bece7e4ba1195cc92a04f6bba3b59b6376d

SHA256
4462d557eb0ddda099d2050192e1e8de308966732c74587575ba6695314d6d11

SHA512
2b50e5f598be1152f862e5080b759c73b5e0355dea2e069153f764632c8ebd29b6e692e60292eecd1641c1efa9b25665e22b1c65bdcac70d38b7d6c24a2c09f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads