146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b

General

Target

146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
Size

76KB
MD5

6a0a5e04a3e17f5ae70bf43245269d69
SHA1

1c0a120a5277df858bb06cbc35390336f059c379
SHA256

146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b
SHA512

ead9415b359e0dcd2bda113ce113dcd27aae9f19eb42c7d9cda4f91b3f9e7a4bc9a7646fa57df7ac03548b9f160f7d33995fd1174faac71da15b2673f929a868
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696a:6e7WpXYvnda

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (915) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe

C:\Users\Admin\AppData\Local\Temp\146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe
"C:\Users\Admin\AppData\Local\Temp\146d7b7d8eb8e2d57de539af49164723e40b196b7654a831e342aa760b46418b.exe"
1⤵
- Drops file in Program Files directory
PID:2236

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
76KB

MD5
862a1fda67b32cf895a790c5ae3cf9e6

SHA1
bc6d6864c9262e96fbb3148eb0c91aef06ccfb00

SHA256
1a93622830f3d1bb9499899080283170245743c49dea2d42b2d2f15710a6cb85

SHA512
e290de5c64bf235bd55349b5e51489377d0ee4349c79735f24af590f033c44654492dfd6a8ea908fe23ce48ae16d3ac7682cce8bd48c5a5f71d7e4c32d5d2895

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
2d8a260223730677151a28513a28b40c

SHA1
589dc334343af44d7f111f8883542fc36510bf73

SHA256
bd27092f899097f58a40cc78a2393cc1480504a936b44f21b8aa872158d5e292

SHA512
1f41670321e0c552624b36f0f68d1559598bdbe49cc4cfdd1c44f818fcd0f12e8674fe9cac51699ac612dc1acd30f8c29c46a055f3ad2cd3489341512e85cb97

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads