f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387

General

Target

f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
Size

78KB
MD5

404852d9660d88861d6f8665ae9e8e31
SHA1

ca9a383c9385b7365cf3738154bb73113c76ee25
SHA256

f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387
SHA512

f3d9aaabaf6a20648d34e16bd9f2667758ce649bc4d364085df56ce688c8b121818cb0893ffff09bb91423fb24e1d4e0290f49880f5f44794899caee637c87ac
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhO:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\ExitDisable.svgz.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe

C:\Users\Admin\AppData\Local\Temp\f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe
"C:\Users\Admin\AppData\Local\Temp\f172b697e2b9d3cb94bd2fa9bc5a0f180ab9577415cf9b9f6a4792858fe3e387.exe"
1⤵
- Drops file in Program Files directory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
78KB

MD5
5c825f84c864e549fa093f2024e3eafe

SHA1
7009d2e6ff8767572d1da5114d8819119063f2ce

SHA256
da108c230d2a30ad6abd0ca748dc712eb323bde60c8894ad6c33c887516bdfd9

SHA512
8d1189b9eef9b76413c7d7dc1b998ee42ad29f1f1c6017cfbe8be7ed8154ecf2f1d8126ab1a8b5412e613e15b1d4aa5d44814e558344b50134fc1c13bc5d8dd3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
bfa01612598783478d51aa3c91029d45

SHA1
e7b5cf3aa2b6d9a25f45cf5374a08f30d9576425

SHA256
1b757fccb65584a4cf748617177d42460deb3508efe6dc822ae396766bd97ddc

SHA512
cff54ac9b61f42fe604bb72c7bd55a0b09ca3668ea71ae4cec8a08d846ea0666d88409abaf6cfb2d8d85e866c5b38c956dba8730fc24866bcb044838d4e035ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads