f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471

General

Target

f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
Size

84KB
MD5

34f6c16351960b76d885667774f4290c
SHA1

beba7ec4a8de79b9cf93c1a68786578287b63ade
SHA256

f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471
SHA512

c8b42afd47259ebf3c4d983accbfcf2a8e3acf59c631e4464ac4af60b8c2971c84523188be9d2472be3287cd30795da6622e2754b977f76440f322c5947f2767
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDj:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5020) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe

C:\Users\Admin\AppData\Local\Temp\f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe
"C:\Users\Admin\AppData\Local\Temp\f34c51839be404c17c4cd3858cae14ad2de6fe2d6035a00d6fa7c774c0006471.exe"
1⤵
- Drops file in Program Files directory
PID:3476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
84KB

MD5
d4326335dcd1ae9926ffeae6c53d53af

SHA1
304c1ade56c36f2af52d308700941d96cbed52d4

SHA256
52dc6af4b3901cfb3eed040ceef44cf7ed5ac9cc98bc199c7ee8df6de35dc0a9

SHA512
fecae071a35d3a9b6c185062756e53cad6db98ca9354d649f3dc3790563a06d34e199f2dbb5d96f92f271eda8e9433861b1e6547440822a8785e14ed354d3241

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
183KB

MD5
a0998adc848994fbf62067e5cd35f108

SHA1
e33b03cda0e4feb1e7220fb813dcecba2e60e35b

SHA256
915af153f1e0fac4c81febe0f48e7d8a2ab68af8f2e8ec9e2b7b2be4dab90a4e

SHA512
ef8fe4834b2f62e2e5f810ec0581a89fd687994fe6f4c3db4cfe11f25848dfc4a674dfad94aeac298cd43494867e4ed740f584c0ab3eb80c34f5e5313030430d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads