9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f

General

Target

9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
Size

50KB
MD5

91a00c5b97a6d612568c471b64ceb568
SHA1

ed4379b0228438d47a3aafeeec95342a25c79525
SHA256

9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f
SHA512

4ecab075c6a4565dfd77f34962336a6bbc130651ead8fc2ee7426d0d2ac4d8ed93a6b1d28c529753a5abe7d7dc068504b12fb07e9274ae6cbd173f04f41aeb18
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5n0:W7ZNLpApCZrt8PWGoPWGANdN0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5320) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\PICTIM32.FLT.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCH.DLL.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe

C:\Users\Admin\AppData\Local\Temp\9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe
"C:\Users\Admin\AppData\Local\Temp\9d4f209696fbbfe33c62b3dc9e927907bd1d45fa8d6c99c9893c1ec38aed6e4f.exe"
1⤵
- Drops file in Program Files directory
PID:5000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
51KB

MD5
71b6e1ebf903c64b3b844e1665f2d827

SHA1
809659ae9d4eabec0e8aae2e11bee1a3d486767d

SHA256
0e2880a5787a64d6270408514e744c91da9016fa184e76ef7cadf691326ba600

SHA512
bcebc0766016ce12e89f4e4fd76efaa533f38726bf0a4f387d43083ce9e0f84d29acc671cf3670b40ff97653a8609076494c56b02ec82e40cfbb101f9fe88d52

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
149KB

MD5
8bd153ac673f2e5794574baa62274e91

SHA1
e1fb0528773b48e67ff556f0da4851965079c2d0

SHA256
704459a5df09e9fd5df43a0305b36b41e6bd9530bd1dbef6975499fdc82a5a49

SHA512
f09c540d9802ec5c38144790e4b913e409a44176912f43e1a07c6ba71854ca8b476ae42a35561fd2d55f79e1db0f2971ec17371891e515543216aa612d87c1e2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads