3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a

General

Target

3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
Size

48KB
MD5

5ab7b6e8b69761f3f8d8e064e62b4f81
SHA1

35d1db1757ad08e614cdc9cb5f7c94b2a8be36c6
SHA256

3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a
SHA512

a6419fe386011b2c32c76439fcdd3c9b51b8e8bc7ebc338c5d8735b6d37d408bba03bab5d1e09e37a0bcdf9f5177c67d5316626be2349fdbe70b5fdffbcacb22
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsQVl:W7ZNLpApCZrt8PWGoPWGH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5307) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.EXCEL.16.1033.hxn.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySite.ico.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\TEMPSITC.TTF.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Training.potx.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.fr-fr.msi.16.fr-fr.tree.dat.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe

C:\Users\Admin\AppData\Local\Temp\3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe
"C:\Users\Admin\AppData\Local\Temp\3526777623371641ac06ae1f59fecaa07e308ee51ae036e4e87366e6ac76271a.exe"
1⤵
- Drops file in Program Files directory
PID:3472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
48KB

MD5
19bb027806a49a69bd12043e79dafba9

SHA1
8dcf44c08acfc675820025c7957ec4bf893d5252

SHA256
44006338fe4d86b6f20acd101d81849744992c5b7c437c6a70c21b84270c68a6

SHA512
9d5a7da49c18b6ef02fed879e0d3cb6d15e9b7f1ca18c7050de8cca9753ee253ae6bca829f64a9610358c59d6ba8ef24d7f8f8b6d695ecc2e261aabbadc970fa

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
147KB

MD5
4582b32fa140c97c8724464e9e1de887

SHA1
7c6cfb74ccd16c052df07416aeb0cc1864502420

SHA256
d9fb5981b9880c1e862deef69a3d40127c0bf379fd718b68c0938f6d5ba86454

SHA512
7a1bce84d5f23bfcc5a6a48482be7946ea0a8c0530408fafd3bf142c171d203c428b6860de1b21f58cca0c5ae9a25f8adef2f36e6ae5f4661041b235a66dcf3c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads