1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2

General

Target

1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
Size

52KB
MD5

50bb6830660b1506dc85c05dd5b8bfe4
SHA1

6fec2f99905109f1d3e8316dfe667c566b11ac40
SHA256

1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2
SHA512

b9508acb9b1e44e6c5c5367c406fe5092f0a323f849558d60c1d318018a0f80cb401b9d601a4d1d0cf18ea75ed36dc0458d4b26750ba84284107721c4c0c4256
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nUKAbJQKAbJR:W7ZNLpApCZrt8PWGoPWGANdNT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5002) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\AppXManifest.xml.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe

C:\Users\Admin\AppData\Local\Temp\1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe
"C:\Users\Admin\AppData\Local\Temp\1ab695b64c826c6654b60db6d68973b9cb5b51ce317bc7b107794a19b73d27f2.exe"
1⤵
- Drops file in Program Files directory
PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
52KB

MD5
ebc9773cd5fbcaee92141b076bebaf3f

SHA1
d6ceb9aa14f87899afdfb378cc79fd0436f4f476

SHA256
d12580fef0ac2bdf9c4b760c2dbf690ce87a4f89fa85cdc66a4f78ab487653f2

SHA512
16fce049df2494ea3c11cc64aaa3ff03d528b7ca9ed18ab00423bfe175aedeaf6dd78b736e2c1134c1d4191cb34fac3e2b7c1016a93cf78a52e04efa426b334c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
151KB

MD5
a5e0b260fea605508e5ac34afa4ef8a9

SHA1
971956007e7bcade9c47bf9179d7b70b40fde08b

SHA256
7855c72585214999c345ea6754cff55d1d9c786ed95f608b91c2a21bb123a659

SHA512
24dee899e8f12a0bb316a5e2349fbe3d83f1c2ee04b7b54752f2280ce1f788c132b28a1768d56ca7a0fcbe3e4456570a3d9aaead8de6b468972599438a55c7da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads