db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4

General

Target

db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
Size

74KB
MD5

3b88d2bce1f59857232b25db9db48f20
SHA1

f494e35232a7ba9a926d6b44e05730a5e810c8b2
SHA256

db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4
SHA512

6c1465e54447156c11e88ae604d6e6466932e3fe98c9a66777c93c12cb83b3e8c618059ae7e967c60c6b7e1067976be835d0ec4baf37ba5eed168fb5e369fac2
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJf:W7Z9pApQESOHepOHe8G+6E65TGA3v3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5011) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe

C:\Users\Admin\AppData\Local\Temp\db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe
"C:\Users\Admin\AppData\Local\Temp\db5225b44a4bf7d28e65ba4aabc41ed6c22a5f5ca64f3f084a64d421af673de4.exe"
1⤵
- Drops file in Program Files directory
PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
74KB

MD5
df8b7495dac4d1f6bf69400d0a6a3dc6

SHA1
0407f2f4eae9abcfe51047b8aae32e79278d6caa

SHA256
aad48f1e427c10d3942550f84c96a2bb3ece4b139dddbbc9656c4efad4a747a6

SHA512
0f4e2b8a59f63b666b77d8205835b6579780baa98a91e7d9a633159790aef25a7c894416ac550c52b264b050ad4b364538127bb8f8cb4545ff3924f8937b4535

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
173KB

MD5
c2bac3a2d0159bf46d68535222a8f37a

SHA1
2f8bba8a75025d856426957e069e445e08d81d8c

SHA256
79bcf67e9598b1e2c93447b32bf73f4b3385b95428025a67a68e57dd95a98e38

SHA512
98876a8fe289e73c6daf0ac6b955e84b2ca5e5a79abcad4b070f5462c06de03a7a6badf59a7a9cbb275e899f5cf30f21893dbbd1ccdd068da92b9f89a9eafc08

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads