a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4

General

Target

a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
Size

74KB
MD5

73f5f55c10b2270889ba05258a20a0ab
SHA1

3f4da7e71f51b413eeb64e40890ca90a4e274742
SHA256

a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4
SHA512

c40e73327a37e82698c067d048c66f2817bca27a0593aeb06a3c88e29aff0203557bb287dcb6691d14cadc8fc157586a17c603865d6174c9e0c8c2c565a6440c
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGA3vHq5qu:69WpQEJACUu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5085) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.DLL.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe

C:\Users\Admin\AppData\Local\Temp\a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe
"C:\Users\Admin\AppData\Local\Temp\a0361199586e2131c15a0b4c39c6fcaa38c1e9a698d61d3b0f8a5bd6840cb1d4.exe"
1⤵
- Drops file in Program Files directory
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
74KB

MD5
02c4c09eca5aa6ebf000f481664219a0

SHA1
5c012993000250a8ce8e79c89f9bcaae8e331d4b

SHA256
9cba3a0d3ddaaeeb73ff1850a5fb9ca4fcb6448bb595f85b0e0efe0ee4826241

SHA512
aa8b7ee15812d41dc2979885f8c545e429c033a7fe6a89433740fed36a5ccf81ee64d8b2e65df703c557015a461d1106d22dd70ef3a9e02a8b6a85a110dbdf76

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
173KB

MD5
ce1bb8bbb65cf520b2a8b6cd1ecc332e

SHA1
81871d4e7b416112eff2ba6ed8b5fe883a5172cf

SHA256
5cdd3c0adb0b629956ea34e6d67ed93b9e4135613b9fec7adec512f9260ed57a

SHA512
3856dc456e0c8716830020c3f3fd7032f819b868c97e7ffa06894380cc4c33411e330cdf1a660e8bc1c048947ea3a9b5b1af1a6c2e8359c62a8be64ad1a937a2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads