40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0

General

Target

40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
Size

115KB
MD5

1b9d7ae5ab0cf2e57fd401eb0f596492
SHA1

664bd47f4589829703cb6762cbc1cb4a81e8ca77
SHA256

40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0
SHA512

cd1c86186f9d731f23a1a80fd8aa4819be9e5caa00df95bcceb9e2da11ebadf2cdc91ac56be357cbd4354871669178e4c2b62a819bb27bad0ffe62b7cd474eab
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzD:RqlIyFESWu0SWuGS/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp	40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe

C:\Users\Admin\AppData\Local\Temp\40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe
"C:\Users\Admin\AppData\Local\Temp\40048887cff3c2bbaa360175b21da244e41a2bf0e426e2f5ad8452c55072f3d0.exe"
1⤵
- Drops file in Program Files directory
PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
116KB

MD5
a6efb5ee0c6467b6e49e37d27b77e1b8

SHA1
eb4aed6e8ef7ea52e0db6f00c4e8dd51d5c99a1c

SHA256
726d3a2fd0884c019ffae507c405cec81256ae99395fbdd8d7c53a0ecf5d97da

SHA512
159c3e88433ec328a41dcdb0d76c41a92fcfc40c22f80da0a8349c6706894e585439e6cf3712b8947aae9c6b49f7532d06c4c21b9f348488aa6dd3fb93044224

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
214KB

MD5
9eea60f7ddf926c6f19526b578ab535c

SHA1
66c59e54041ed3f2c78df63207a0b6b8229bd066

SHA256
52ed8254434195ffeef257fb04ea8a6b53cc2159ea30e1f8cfa2085f91a7be79

SHA512
56b50b76e75118caee93634215b46c1d173ea20bb25bc5b524155d298f9c7cdc1161dde4b4fb915bcffbb58ee255ac7e3d817e2c07bd2fc017c0a5b2b29e8a28

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads