9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1

General

Target

9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
Size

123KB
MD5

475f1ba4337a8295e2736cfc8ee6f8dd
SHA1

b41263058ec59b210877a4f2324128913cde69db
SHA256

9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1
SHA512

4bc0c63fa813607b244452493cb0161f1fbe6ce1565ff8e53ab4c3223ed4f3f27cfd6e7d602ea192c2a080b8d11e4061bed6241ef85c30b4fdda676bdc385acd
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jbj5:6QWpkzlfFpsJOfFpsJ+n6j9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4851) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFRHD.DLL.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp	9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe

C:\Users\Admin\AppData\Local\Temp\9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe
"C:\Users\Admin\AppData\Local\Temp\9b4ac354b6c51768ed336f7aed160cce287cd2e0bf82b0890c34e68d2e1b65d1.exe"
1⤵
- Drops file in Program Files directory
PID:676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4032,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
1⤵
PID:4584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
123KB

MD5
fbb9fa0a66170e3392796fecf4f33026

SHA1
ea7d742211f3dbe711598267e6853b11a592c9fb

SHA256
488fcee858735c4d7398d33ea4d9b3f8771f27bd57452e8d52258d92d1d203f4

SHA512
0a0652f35a2f7d70a13a5d81213ac62fa68c478a6bece522546511b638d583fc202029a76e64515bf8ec8aa8cad80ba79d4fed32e207a4613a4a043ad2005a9e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
236KB

MD5
7279310b362843c6a0350b870697d9a1

SHA1
5f206b256558b230ec0ccb544584f85a8a7cd42e

SHA256
b66cf27d59a705214e31e384c864ac9741230142aa9023aeaf89fedfc6e2305a

SHA512
9a36912d70c35e01f3c5a39889864e59135151f2abaacea1f043b3350a336cb9a396eee5e5ad36b28f57a3f6e769dd6ab0290cb584f3033c10892089b928abd2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads