d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7

General

Target

d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
Size

85KB
MD5

5248c9dcfe05af991f2e3863c3666b1a
SHA1

d82c74c30798626ec55a7ef8c8a1e62c83cb1479
SHA256

d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7
SHA512

6b231f1b04bebd4ef56903eecb4c92341ee4e28e644c9649a0a754ea0a156b096cd1013ce9f1f7a4e7f72a7f44473962e5e03433f4cff4111a707df28c745121
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhS:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5032) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp	d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe

C:\Users\Admin\AppData\Local\Temp\d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe
"C:\Users\Admin\AppData\Local\Temp\d5c3936fa4b87174ac8733fe66bfdfcf5acbaaa80036a0beae957b7d8756a7f7.exe"
1⤵
- Drops file in Program Files directory
PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
85KB

MD5
76d2ef66fdab77358002420966609e49

SHA1
b805f4dc507a7572e33a9f3ae14911932ae8fa5d

SHA256
68d7a2e1e30cbd9c5ee8f7273947fffc60ce78039a80d6c30441efe031a39a94

SHA512
3c77d70a671ce15d8d443fab6db8b665d0d9cc1e7bea92f1d12cac944dccda784bb92edc4e50bf1af302a262d4221fb87a5ce0ceab38bb2904d5c8049890e7f3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
184KB

MD5
af8bacc876d4450a98b06bdfb2a87b0d

SHA1
2d591f911a34ec82dc44611a81542ac0ac6a85b3

SHA256
5af8a86d3a530628887aa1cedece77a0186b3d89530e2552c6bfed173d295fff

SHA512
af3f654141b7cab6a35410ca819c24c3d9ae09e00e27a73b4226c63afb5a4cbfd7385db32b0085d9c48d3cc329d6b22a9a14b73ff86345613e891656f9db6c5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads