b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714

General

Target

b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
Size

93KB
MD5

387ea3c292afb426d848c218d182d109
SHA1

c9169352f58d123bb54c941857ec805ddfe68e9c
SHA256

b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714
SHA512

dedf44d7c8dffb2acf1ebd750ffe7bcebe22ad9a86df11bb47ba4825b6bed7ddadc56ac1c11057c22cd9f4e2ba7af0cc7bf461e575beef57a8347425ece1c0b7
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5:6rWpcOPxPke+e3fFpsJOfFpsJbgEf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4573) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe

C:\Users\Admin\AppData\Local\Temp\b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe
"C:\Users\Admin\AppData\Local\Temp\b3e6096c5d8068b52166c68d4359fc5fc201acb7eaacb2618ea9e71020956714.exe"
1⤵
- Drops file in Program Files directory
PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
94KB

MD5
fa1ab939967ade48c7b582b35e90e2f4

SHA1
b2b3d52ee1aa4c4aa48ae8677ca28e42bf12c020

SHA256
d55f2836d24d459850b01b2fb2b59c8023598ac3e12bc3a6a75194879d749449

SHA512
56fa6de8f4c71b4281ac1cc061f45b8a08ee48487b6e3b2880b07bd0e055ee799c1962399db44c2a7be58736e419e004eaf6017c2079107ae373ee3c4d765977

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
192KB

MD5
52bd13a66379e8115be15f59d4d40acc

SHA1
f26b83794e374fa00f96c35d14478e7131b371e8

SHA256
a7edb62ac04e044ef02314353b00d5e4cb64ce0aa2743c39a047b6cc3ce64060

SHA512
3882af2974a77749bdaa02c756336c425d040cfbb1e1ec5c2924fea11d26c25ce7d04db511a5704dc52a83ee7c1341e621c2ebdaab90e316ff4eabc80c8aad93

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads