96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f

General

Target

96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
Size

82KB
MD5

7fd4fad2f6951e9555b2d98f99ba3a2b
SHA1

10e652aa37325acb177fbccbf8ae5ad678a22d17
SHA256

96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f
SHA512

b43516a7309ee026c71e934837585475e3d9e0ea3285a57c5eda44e4e1ff5f6cb137bdfc060f0a5f64ee18081b60645913c546a4a4022732a30bf9d8c3217b68
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhb:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1385) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceModel.Web.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Serialization.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Controls.Ribbon.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-profile-l1-1-0.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.DispatchProxy.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationProvider.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorlib.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Json.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationTypes.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Xaml.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.VisualBasic.Forms.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationClientSideProviders.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Linq.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.PerformanceCounter.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClient.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\WindowsFormsIntegration.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-stdio-l1-1-0.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Xaml.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.Primitives.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Controls.Ribbon.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Xaml.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.ZipFile.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Intrinsics.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Sockets.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationTypes.resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.DirectoryServices.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe

C:\Users\Admin\AppData\Local\Temp\96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
"C:\Users\Admin\AppData\Local\Temp\96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe"
1⤵
- Drops file in Program Files directory
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3848 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
83KB

MD5
e86eef2df0f91e120fa85c6f09fe6acf

SHA1
bdc879ecc76e3833ed221c01e748ade75ca02bf4

SHA256
0017e8258c111599ef9ef9160835d43e592b5bba5cae490336bb7f71258fde96

SHA512
67a56b4b3f0adb6043ee7ed6b4d55a7772a9fe1c4f7dafc0d4f8207307df3fc3f4778b190f2ccded99ed462aa49dea8b082736173400557df8977833d68d8b4e

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
83KB

MD5
f37356f4ab116742d82d84fc6bd23bd7

SHA1
c7fa90201bd56f4dfc2bfb2156005ecd8c043664

SHA256
e93abcc1537475a715f49df2adb3d3e9cb6b096505280a9d51665fa6193b00f5

SHA512
7497e60bf61850b15b0ef26f09d5590cccc69ad1b29caf18a9d9e534a3b01ec13b87eb5375e945deac63648853670df22eee370cc41c54914b9f16f72d9f1361

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads