953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0

General

Target

953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
Size

68KB
MD5

550f436fcab4c5f0124a3bb1d3022235
SHA1

d6cf9dd622f29f1de71902db2a8133943293b279
SHA256

953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0
SHA512

c96590564be0f0a5173c48c4f25517bee29048b81c73661aea6a3af7764fc5862046d05c214beb2432f6342db99dcf4ff3379f7ffab99eede31276e3680969b5
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReL:W7ZDpApYbWj2WTWJe+e/q+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5264) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe

C:\Users\Admin\AppData\Local\Temp\953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe
"C:\Users\Admin\AppData\Local\Temp\953e3f8ae65778773d1863d2f233c14755ca51e67c7324763711f78bb3f305d0.exe"
1⤵
- Drops file in Program Files directory
PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
68KB

MD5
d88bc93898e6dc6941763ff54a2bbc7b

SHA1
4bb70c78d26ef714e903d7aebec5e944f21f8589

SHA256
c2890a7abaaae08825e69fb30e170735b8ae8c91e717d9b4455c95bc7cd10cec

SHA512
c9be6d72e05fa243cd051ebfab9ac538f0774079d9e0d040d15e14c9b2ca527f0ac7e09b90f7c94c0a385482c6203e1968d9b9b90886d45e09359dff47b15630

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
167KB

MD5
ede05429c90d3a1531281a58f3c0e289

SHA1
56c9cdcff3f5e383e935b91b8e975388a457fdd9

SHA256
36cbe4aa82643245854396d969b0c6f97fbd904a54a38c2479fec882cbd467c8

SHA512
0b249dd3ea7f0052ff39db71d7357ca8cffb5d5296dfc5b00126d1069922a1604b5123b79de4690553feb8ec63a672392c3d90781ebbb599e8db092595539cfa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads