42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349

General

Target

42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
Size

93KB
MD5

2278759a66d0bd0e39128083bb6cd35b
SHA1

a7f66c8629ba2d867d6a34f42087cef051b1b546
SHA256

42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349
SHA512

eedc836e63997c104ee69a74c6a4303cd89c049142c87a7dfd5ee98cefcc32d758fb3560eb80d1b5c41fa7fa439fd855bb03d8de5682423251228cf0a8a9471f
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tJFFxoN3NBGn:6e7WpP9oVLQthbYY9oVLQthbUrt7tFx1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4836) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe

C:\Users\Admin\AppData\Local\Temp\42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe
"C:\Users\Admin\AppData\Local\Temp\42c5a53be66fa95fc45e98de54fefca9e03616637b96400deb1c046de9988349.exe"
1⤵
- Drops file in Program Files directory
PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
93KB

MD5
643153eb507248c4b30e50db1b6167b0

SHA1
242905643dd2e79a9fcd4442c7766a8f15904846

SHA256
f1ff5e69e6ad3f39f994581ab7f9c3d14264df60a3a46673121b05b2d0143167

SHA512
54e7e11abf9d765bf98e29f1d14000ee700e9514990c3fec3a2235fca8eb8d8b685071109abcd9d357dcde5a8faf93e9d95a800c2fc0ba5a1ee78f73edd796cd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
192KB

MD5
743c18bb87f54476b99e2591b5b08477

SHA1
d1b2f0f1fc2f96efefd9b01c514034e06bbaf6e1

SHA256
3000490943aaa938b0467510cde2b4c82b3eaddf512a7d203ebce0b0e8780b10

SHA512
7876c5cc319d1328fc9d0815209cbf896f13ef187e22df977106734da86c095ee4f485b51b6dab356f33f311a6287634a78568f329cf7bd9a685268d3641148c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads