e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b

General

Target

e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
Size

46KB
MD5

34d5e8fdd777d4a21d0656f37fefd76d
SHA1

893a9ed2d2eb9932ea41d2c380c6ac630ee1c1a8
SHA256

e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b
SHA512

bbf0acd77ab1ba87026a4d1242d26cc6a024fcd2f3ad71a858fec87112c846406c81c3d42135d02eafc043da56aa8538eb87938e83059be46b5bfb9f67b9c6ab
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1Msh:W7ZNLpApCZrt8PWGoPWGu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5284) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe

C:\Users\Admin\AppData\Local\Temp\e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe
"C:\Users\Admin\AppData\Local\Temp\e8dfc954741642b1e11ffb64f04ed7f583579253ac75014d40edd49852ff2d0b.exe"
1⤵
- Drops file in Program Files directory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
46KB

MD5
4bf4ab17d6342bfccffb8bf75d332e64

SHA1
e78ddb15fe1b7345c305e1c6585800fb4f3ac407

SHA256
f8036fb872523bbf8733ff84c4f252f477aa9140b644b5abc525a7a51e93a983

SHA512
bea271ee66e6af6c98cd44e3a7dbfe786fa49896b6d53b835af8a5f8e9f1f9aa0ee90b3a2ae463cdb38e9d988cb06c279ccd3e03e749118cd360bd0d02cdbf74

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
122b7927028bf4c96405fb6c66afaa90

SHA1
9fc073924b65ca2353a7023a4bc7c33ce69fc360

SHA256
b7b27563408ceb048b8828f864b6a8bb5c5a19877a7443015149f773e8a6d4e4

SHA512
fae2d49bca56c9e1fbe6c7193028746875c34355804d47a0525cb873e39b06acbe65b7b54059ce2f7cd0918607b15dcdbf6eff5c1a7e1a875f28d84f1454be9b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads