2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555

General

Target

2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
Size

67KB
MD5

709d712dd8d19eea82bcf2c62165313e
SHA1

8fc5dfaf677c3ec01b2a0ff6b9e348f6942c3378
SHA256

2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555
SHA512

a2a1a2a7a54448317bdf6053874ccac3fef7bb9c750ed88ca5534d78c9a957d5d0dc9de2ded30af7ef8d9b4aba91f7957f70c4eed0b7794ba9b1adb7d60bea7f
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReL:W7ZDpApYbWj2WTWJe+e/qc7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5073) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenotemui.msi.16.en-us.tree.dat.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe

C:\Users\Admin\AppData\Local\Temp\2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe
"C:\Users\Admin\AppData\Local\Temp\2fa3fcd7f13cbcbeeaa7315fbf580315abfa11a27989f88a6a25a62a84376555.exe"
1⤵
- Drops file in Program Files directory
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
68KB

MD5
c8abd30887db1fd4b69953011089296b

SHA1
93591d70235fe57c20d246be720841594c56caab

SHA256
d147cd6dfb2a6333e44a392a03693b643e9aeccfcd6097739ba36a90cb4e2479

SHA512
bdd75cf62c5d8f9c6d81f4f9d90a0f15f102809ce32ecfaa2bc080df56f47afc7a4ce5b10714d1ae521fcecba19539c2409f13b711a6769b73b9f827161c563e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
166KB

MD5
448e65c5d0f986eb0cf5d99be1769cfa

SHA1
4a098d28ccf567bc2df0f46bb8c13a4a6324007d

SHA256
cbbecca87f01d21ee91cb14c9368401de0b36e66f9abc27e9ee745e68d5e3ce0

SHA512
388952bbc81d2273ec2ee54efa31452997c88412db6137fd4942b1de6a4615d254bbfb6b16866a9af8939ce1f7a91080ff73046c970f9aae6620b38bd53ac484

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads