df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c

General

Target

df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
Size

78KB
MD5

5f6ea5a00a1da4a01365ae5c2acf89f3
SHA1

ba506acd701b46915caba5db9c05f5c24de3123e
SHA256

df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c
SHA512

07652559db253f951aa3b112813ef5d418c8e0ec4cc4ba259cbe9f2d3d33478d9624329db11f588780b24782ef4fd955d87ee28023e21d33c19e19718f6c133e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vw:6e7WpMaxeb0CYJ97lEYNR73e+eKZ9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4839) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe

C:\Users\Admin\AppData\Local\Temp\df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe
"C:\Users\Admin\AppData\Local\Temp\df7318ab9cc09beba4fa6e5cadb3ff3c0e76d8673520d741ef8f2ca4231a496c.exe"
1⤵
- Drops file in Program Files directory
PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
79KB

MD5
3f1237b251238b594a1b32585b7232cc

SHA1
b478eace94f61592876288539d654c989f21d39c

SHA256
b3596deff72e01fefb81ac520ced924bb09f51905a07128683847e4d4d41dde3

SHA512
3c47c97b7ab9a6611bfd3fc2b1368f680f01fd14dce9ba892a291dad9f056b2b107c9c1c9f8bbeba3fe8ed26d11246cce0ea6b682bda4339f1fb126d22cc942a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
178KB

MD5
77d1b8da5ff6495d65ce8f7ba5a7f73e

SHA1
3dd0e88f673dd6c77ed7b12ebfe9bd9ef65eec17

SHA256
2936c2bd9aa89588c57be15ad904567fc68b46a9ccd418586969e8e125ed0f45

SHA512
0ce591e517ec6768a6ca4aa498cb3f481f8a0e9270d20e998006bb3b15ff09905a9059cdb00550f896f029e455073c8f9554e373bbada77afb12423c7379c97a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads