24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d

General

Target

24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
Size

160KB
MD5

5e58352646efb39d9a1badaef2d25a3a
SHA1

f9e13c5696644b2374eec58854f3d4ce7e3bf5ce
SHA256

24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d
SHA512

804746444459ff2ad59d8b6ae9d14f46d060077f2c3dfd54e8748eb2619fc176d8119575aae5fc53ec5debfd385d7080b942d7baa15eb9dc5d89b46bcbf355da
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYfunznvazPIi:/7ZQpApUsKiX26ez4VGgEvKRzNC5W/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4726) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe

C:\Users\Admin\AppData\Local\Temp\24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe
"C:\Users\Admin\AppData\Local\Temp\24f2637dc517ceb3f014e51433b2d04fb5ba5ee9b1aedebe2cf33f46f6cb428d.exe"
1⤵
- Drops file in Program Files directory
PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
160KB

MD5
6badaf84628abf20dd6e2de373c4579f

SHA1
afe7fc863b82dfab02ac6449e7ebd7e0e923aa63

SHA256
2d4ec95089ab1340a3f548f43aa11fb185779a6f0ae6f36f81f697901dac70f2

SHA512
dc1b29c0f8fc3d3ce179213742302220728db6f79cf6c50a210683b90a30c0bba7abf2ce15eea1436f801b08f6223e2a2e4f256eb65665c199b324fc3b927f2a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
259KB

MD5
5db4851846add106602ae71fbb0c4f04

SHA1
4edbc8544a49e35647a2c32716b96b8f6c44ef22

SHA256
78c0177d879d647a708bff7e750f5fba81b74985605d5acbe5e7b5405ba69d4a

SHA512
4ad0ae6ef335346cd2552b136e498f9e0a03f02cb4c97d4967cb1c4e833226cfc6a9c08576bfa16276d02be5acc03e85eeea553f7bd5943840869ae2dcf54423

Download Submit
memory/4436-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4436-1662-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads