a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b

General

Target

a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
Size

79KB
MD5

013f0860e043d6771ece566a226622b1
SHA1

d6116d5d9fd1353c2afb2bbdca337908d4484b5a
SHA256

a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b
SHA512

f4d6e4683bcdf46980c1bd4a86df2e6a53028b7ed9e0c855765a86a528c889731b5a7aa2b5a3ea0dcfa68daf3985710f728bb43dcdff5e95e397342d0fbdbccc
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe0:W7ZDpApYbWj2WTWJe+e/qX5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5008) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe

C:\Users\Admin\AppData\Local\Temp\a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe
"C:\Users\Admin\AppData\Local\Temp\a21889b47f2872ec00422c287cf6a3f6f382424a833956dc467cddee3b63984b.exe"
1⤵
- Drops file in Program Files directory
PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
80KB

MD5
c7847de946a441b2614ab420f83f15bd

SHA1
79109832870a0db202c571e9450b7eea6554e53d

SHA256
b7480e5682d72c60f1aea5b450a9973b310d887a2c59e5cac9a1461193d4e910

SHA512
fdebc884f9726e9484e3d89b2b744529f3e309cb2822b70091516142c96d3d3f4635152ee121995c958841cf895228766f730406d2eb204a154cdcdddf6573e5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
178KB

MD5
c6acac24806f7b148fc03fcaec1ee789

SHA1
8697222edbe135d55d55e1b11ebf0df7c0fbe29b

SHA256
6a59a447cec5d375be804f646253d31db2602f226e0d0e4bd118ef61bda0face

SHA512
f58a4c808ed05dabbd9a37c419c431a04f4e9eb2cbfa1cb353d3f4ce73a8e823d44d31c493b3a17349da6322e4ea857c29099ecdc8bd8e19c7c9123cf44cac41

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads