dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa

General

Target

dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
Size

70KB
MD5

297fbdb648bd9940e76fb16f68a5300c
SHA1

63d7ab6533cf37ecdd5cd909aedaa549aaec9fb9
SHA256

dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa
SHA512

82fe32988f93b1b9aabbf0ff20e9b15c39b2b873467754c6cc9608fba1424af022da1d9dbeb43fcd935ccec55335ed076a3ba47ce1101b41238830488ecb3bf9
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UQT3:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe

C:\Users\Admin\AppData\Local\Temp\dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
"C:\Users\Admin\AppData\Local\Temp\dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe"
1⤵
- Drops file in Program Files directory
PID:4740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
71KB

MD5
5c96800abae7758e30101743c8df9a0f

SHA1
eb8a4e5ff109f269407e70331e9f09977d9a2e60

SHA256
bf3ae1ebba0e6d2ce70ddd3ba2a809fca58e022dadc403ecd773a1f8c03d4be0

SHA512
72ad0c9acbbae4464d5471393395a8a5c3001d2efd23142555c301996707783ef1080b9d073594ce6ea18d7d307e423bb0f381dac66e9affaf67f96781d5951f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
170KB

MD5
3b5522cf0ce683ade0aece85267d53a0

SHA1
bd6818ebef8728c1c3d355700c08c56d5d73e9db

SHA256
abea652d1589dacf795ad4a3a8995e6ad49b7b902b5b36d2540f7a120c8a30ba

SHA512
822d8c2d0c8f9cc58385c2b1af12f73df5be80369956b0c85d9af2eed03a2af88ce717137103bd4ebec4ff2e0e6f6d30e56d852c88e62f8ad28e4abb0054662c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads