dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37

Analysis

max time kernel
62s
max time network
129s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe
Size

122KB
MD5

5a18a39b8c6afaff6e73ba47163ac63b
SHA1

b233a0edc526bfe53cab9e77e60d0632ef4dae26
SHA256

dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37
SHA512

ba6f085322eab18e33a633d0be0bf5c351379b95eb5043a01f3cb2fc9895493902ae23aa8751574ab56aacd635f1b2476885b6fc2978f890fc9b5f16c07ed059
SSDEEP

768:W7BlpppARFbhWJq5ovYcTEXBwzEXBw07BlpppARFbhWJq5ovYcTEXBwzEXBwOeb:W7ZppApF5ove7ZppApF5ovt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

_RecoveryDrive.lnk.exeZombie.exe

pid process

2556 _RecoveryDrive.lnk.exe
1576 Zombie.exe

pid	process
2556	_RecoveryDrive.lnk.exe
1576	Zombie.exe

Loads dropped DLL 4 IoCs

Processes:

dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe

pid	process
1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe
1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe
1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe
1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe

Drops file in System32 directory 2 IoCs

Processes:

dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe

description	pid	process	target process
PID 1720 wrote to memory of 2556	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	_RecoveryDrive.lnk.exe
PID 1720 wrote to memory of 2556	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	_RecoveryDrive.lnk.exe
PID 1720 wrote to memory of 2556	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	_RecoveryDrive.lnk.exe
PID 1720 wrote to memory of 2556	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	_RecoveryDrive.lnk.exe
PID 1720 wrote to memory of 1576	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	Zombie.exe
PID 1720 wrote to memory of 1576	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	Zombie.exe
PID 1720 wrote to memory of 1576	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	Zombie.exe
PID 1720 wrote to memory of 1576	1720	dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe	Zombie.exe

C:\Users\Admin\AppData\Local\Temp\dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe
"C:\Users\Admin\AppData\Local\Temp\dc6aab1de8c52f33a56d3c6843a2499b0844613f48f8ba980ed3251b707d7a37.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
PID:1576

C:\Users\Admin\AppData\Local\Temp\_RecoveryDrive.lnk.exe
"_RecoveryDrive.lnk.exe"
2⤵
- Executes dropped EXE
PID:2556

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.exe.tmp
Filesize
122KB

MD5
bae4c8ebb7e6cbf490ae4460b5de9cde

SHA1
4340c59b0b1d065bcb5add69b35cd3fdcc8bf3d0

SHA256
2cdc18e2d7beb0b3e63ec5d26031893ed1986f7bc818eace5074447b5c5a0df1

SHA512
3446861af6a8c4bd5bca269d257721f6e39ed41f5691f4b8f0ec821d7669aead550fc88ca5dee69fbd6ae40d35778dacd5585a3be2c0edf533aa8676159b3f1c

Download Submit
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
Filesize
62KB

MD5
6dbdc5e83578e55ba3aa7f88ac7c6d59

SHA1
abd8c5e32a31be28f933126fabfb22e9da761b85

SHA256
26f8148f178e20fad3299c339eb6a5df34317ff71fa7799091f8e337fe11f280

SHA512
d0bfdf18337aeb154a34ebb31e973b9c20663bf1217a3cf1c55547d5462b0d3ca94db7dc1c754f92a1c047494d8ac496aa06efdd439cb6bcf7bf66c0f8131f10

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp
Filesize
2.3MB

MD5
e40e9ee0126fcf86ddb3c4b4886f9e56

SHA1
2597f1e966c27e148f7f964169cbf4a3c2f3c6fd

SHA256
357b5fcba49272e7383e6d486d69f523d0f59554871dd09be71c863281c8f493

SHA512
db6343397a763bdc7736020a5903bedc1a5b8fc950c07383a50b189045fa592ef22987da1b112b3b229a0046b9c183ba019a759361b4a8687a73b8ff3cf5bc6e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp
Filesize
2.3MB

MD5
aae9ae20e2008434b8e94fd2706d06f8

SHA1
304feb8cfadb15b1263d663fa00ac44396603ce5

SHA256
61b2a02e0802dd7d2342984089bfe3c4e91196f2dace0f68d078ff11d9d4cb75

SHA512
099d0bb0a8be3babbf9d5d2d51d05ca3bab1e58c3bea0c61e769a82ec96f690a1ed9936747925125794cfa2b1883b7550ee9f17239d7798fd12a303e02cefd62

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp
Filesize
2.1MB

MD5
1531da3437fb8df221ba3f8c40b7c3e7

SHA1
af66f192413558a2543b2651de32f451d4b01b16

SHA256
51bffeb60584a77464e687d94e530f2a8eb3855e0d1105c86bee19c4eb8eec2d

SHA512
a69feb6e45c58467a7e7267cb23f8769a9226a027192d44ce50b2334d2ad499305e2b3696662c51f05414b958ed42b611bced888c57e1ee75c9bf4e36ca212eb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp
Filesize
1.3MB

MD5
ead26fd8c95685e0e10d304e4f502c48

SHA1
fde31e3199b24e07d6e534e41ff6a47e6827445a

SHA256
cf412a41070cf26e39e6f7dd0f57a3a3ca31f0a73fa7194f551d17b237804304

SHA512
24de5eea9b25c95c7ac44c438d08708d3a729ab12f6572010343d1f6063534e94b565612530d071ef0b021a09216d49fcb2b72bf67a61139089ae6741b9937fd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp
Filesize
2.4MB

MD5
590bffa4f6981eadbd8d4960aadd9408

SHA1
e80cce5d1c9b78244bd74978c82ac71fadf07ac3

SHA256
fdd1dd9d5016ad459a1759edc644edce512720cd5d1941403e5b10b84c24eaed

SHA512
f7041ed16d6e3d50aab2014b42410ba41635f806b704711cf19b78956412f4d1fd9f65a3a7e3d5ab72b89fd05fa94c8937b9c62c110d989b67756c8155ae2a2e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
Filesize
208KB

MD5
e2d217009c1edbd6d4cc2967abc5af0f

SHA1
15f08d83322bf8b0f2eaaf2b6387252e7b21e3fb

SHA256
32b77a16e6602d90945aebb40cfe289c3629555866696fef993d991d4ddd0ba3

SHA512
11bbd2ab4ddfb0b5e51fd46fb7edfd153b51427ccaa475b982271d6ceedd488ab048e35b10fb4ce11087e26d09a4ce1388142fab41a0caaf113ef79eab35edd0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp
Filesize
761KB

MD5
e344a16a4c2aed698684fb34e53585f3

SHA1
a2731a84599620facfa366895ff882c99485b941

SHA256
a6ec7013eccc1239b35f7f0f682d88fb97dae0666fa6dbc9cd96cb7a2e554018

SHA512
ada95c570c3b17139a6963d9dbe27056a9741b9bece0d12a6abdc8dd72a84db62aa3dc90d8e766b0c02c2a672070e49f54ade8ada31028b38a7af0d2492e0d4e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp
Filesize
1.1MB

MD5
6f230bce98d183097d5e0c31d5795790

SHA1
ede5a36e233de8789a4afd6b144016e1663bb599

SHA256
7ed974196e686f0f0ef2a8618e9b3349a9e4cb4656aa1107ae05f788402efd8f

SHA512
f4bd2d217d63476116026a035477c74323b1a6afef14c1900ae8e6638d141427ea5964ca8c855e6eba6102c8df623723ddc62a39292570e00f2317139aa572f4

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp
Filesize
2.1MB

MD5
ba4f4e09bb74854ef32402870bec5e54

SHA1
59aec6c84337c762da06c89a5b187ffe882892da

SHA256
e2bfa0f784e2906473d0b6e35f2ffd0c0d1836363b5b5e8b6e73e0bf2d8917b4

SHA512
7365993e2cafeafd15e6457c9da808916293d7d1253977132ea1e471202ec8219aabcfd2cdc98d83c562c69de60b94dba9e6d4d8c2c1f3782d065744e64d9512

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp
Filesize
1.6MB

MD5
aaf03b3cfca668610b1cd3932277b1de

SHA1
8dd64ca3e3439ca3918a5d8e346fec869fbe79e9

SHA256
bef1ac81f47e08578fa93531fbc36b256a7ce7071a093dadf058e0f99c8cca86

SHA512
49e93379e8552c7191fca368ca025e4ab5336a17604652f6cdbcbc58a01aac4f2d135730bb4e8d1d0705e0b6304c44e3e379fc1ac52acb08f008e8ceb86b1bf2

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp
Filesize
1.8MB

MD5
f6f22c895718b19d05b2578e9bf76af6

SHA1
40c31a3bfb55190cdd43b4fe8e1eae7d3a2f74c5

SHA256
c0b73154d50ad013019c97eab7fc1ca90b5bfc0d7acb59799444b4c6ad58c9cf

SHA512
5d37a93f073ac6980236cf96b52fe483018f3abc3ef9091d1ec69ce8130cbe9f864ed0b03d61d44b404ea5801148d461791c07050dd847b3c3c2a5e236a2ba03

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp
Filesize
1.8MB

MD5
98f30b856a59292acfef018f66e648d8

SHA1
30d72a32e673d332ff78480c404adff5adef8965

SHA256
480a48cf8d01b404c5f937464d7825d6d1627d2fcb320ef47c44e1f405e2d495

SHA512
ec491461ea1a77b5892f0a7c4fb026be054a9ad2ad60f573b3d17a37798c26a02797237f325def6568e7b7cc6b81a8cb2096bb02f64b69c015bcc5a3a173d408

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.tmp
Filesize
63KB

MD5
2cceda798803bdb27b89808ecdaa8ef0

SHA1
3351e58c4c753004f2020e187bbc5d75f926c32b

SHA256
810716b14d676120549ad4f6bf3b8a7ee383cb8547eee6fafb9bce4f9c3541af

SHA512
cbfff9ef45382234f915929d3bc84c80e1a4cdf6a226e6c185f7aef8d5b8f5034603801ff316d2a7022e73fabd4878c99d4fb8d9e077d8ea290e68ee040fdb53

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp
Filesize
2.5MB

MD5
962f091d3b78be4efe17b332caeadaae

SHA1
17e91c89b492f0870a034e913f9bf04da9733a8b

SHA256
10dca1b76812af9d2b06b95129d3b3d1cb9013d8c4193d1f4726f57d1a02b105

SHA512
2a9468d5c39d07738f8307a5817682350f7610187800675f8306c297eebc5685c9cb80c28b7f12ca1cd97b910202a03ccb0883b5153680a5f5452cb60b69d274

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.tmp
Filesize
65KB

MD5
400c7929ab6d7e92892836f3219bb3e5

SHA1
ee25981e19a6c1658cd1ac962de287bd98b867a3

SHA256
77b0634f964d5ce9210ef3b62c1ba45e66b120c0f303f8f55a46c5009fdf8c81

SHA512
c9f045eda95bfc36818ca34af7ebe8f35e246ff400a0b1fb639e78d5a77881a4e2dbd28c42e9879de4f13fa96805ae2c9b928e4b267b90ff795f16192d7bf830

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp
Filesize
2.3MB

MD5
befec86f3861d02ffdbe4f191c2a275e

SHA1
4617ff7f1975281c780ec8a684c33c988897a5b2

SHA256
eb06139c483719d0b6e81bd62db021634a6071f14bb079712670d53457729069

SHA512
d0919e428fc4dae1a18344009861c210b8fca4b08956f83807fb3cc4f27d5dcec610d419a613ff942dcc9dca045211434f2080cf7860d5db090f821a00169bbe

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.tmp
Filesize
1.9MB

MD5
06e5bc8630a206a7070856064b99078e

SHA1
3bf28972714f479309f181ebf8cb4abee9457df8

SHA256
07d9a5157cd736e80be28da01ff0c917ebf5d839c84cf0bb4198c354716e4054

SHA512
977f61dad9265420afcc71ec974bcc18bcb9d0ece2a93f44d7d0873926cdeed231e4758756904b7cc8125e563daeec9963766d01faaff393177302f4072fd629

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe
Filesize
67KB

MD5
b3135cccd011bc6fccf1a7f2e2fa59cc

SHA1
54343edc48e969460c15e15f420a978eb99b9656

SHA256
b2523c4d11aed6beea1b829a94a5de5a05a3f88f91fd5f943b0d0aefb04aa658

SHA512
870b81343137321c7c846173646429121bad88b6fff60c64c743891ef1231030134cda2011a7d595ad8e96ed2243ca88f5b9a10b8f8e7f73e95d9b87e7d4bbe6

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp
Filesize
1.8MB

MD5
7200c215b7183f7dc41b9bdb70a04d09

SHA1
8decaf1d9a4b4a58d7be138bebee88fd926410a0

SHA256
30f6b9dbbcc0bfd18b1a38408d5e6db32bded6f0ffa253ca9a1674528cda7482

SHA512
e3be1cc2e84a21a69001923a7f61cd7a1b625827b26da34fae2b370fce2aa54e14576045feedfdcb6a89a3ca2135c19c960e72b1b599789d9a0bd36534f28340

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp
Filesize
2.1MB

MD5
003fef91867db04333146edca31c5eaa

SHA1
eae3a487a114fa3b11dd3c93e69608b5b76d15ed

SHA256
bff90ed2c71b45a13a369a300f96898a1707560e6d68f5f193c46ba0b8410ac6

SHA512
2ba931c904d582047ae8b6b64a77bd5e9c10dbfbd5715d5684fab0a4ddaea9203dbf13a5aacba0edc04119784dd55b1fd310fbc2eba32b04094e02ab0616c260

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp
Filesize
1.7MB

MD5
59d24da20b2c5c3d5a7bc46577f4c7db

SHA1
b5f865352dcb31cd30a7892afe3d9bbe7adf4704

SHA256
41852eb59414fadc55d65c0806bebb8d851c8366d96d64720e44ca18e86a2349

SHA512
a5a02247bc5314d805d5c8d108fb3c772de0b8281e9193087dcd0d589f5375e15f393e08188749245ca6c1ffd3cbf875d3929b133da1ff3e120097c0f0c1b2ed

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp
Filesize
2.2MB

MD5
09a082387e3b1ceb14208b023d7ec3ec

SHA1
3a10eb576ddda62162bdab5f5b6964eef2fca973

SHA256
7d8a546136f2b0b1e1572800a6f6047cfbc4ea27dafe0b43391031f0ce44b449

SHA512
a33a063c86f53dc0680d575797f3d6ff9a1f548d203d043a95b6ad4086e03d43577590ec1b48d56b13bfa63d9fbea1cc3b4a75695c165965d209b07cd3ce8281

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp
Filesize
714KB

MD5
a9a1b9bc5e93b47fbcd5c3976d6fe6d9

SHA1
728d25cd71b0d0d827025edea64d5a3851d293bc

SHA256
e7c7052ccf183e30d3377054e6b010b80f3d9483b42b86aa45809e79f8dc563f

SHA512
db6255514244c2cc9fdb1a75aedcef72f81adb2b9f32552108de560f4d9d487f6eb7412e30d1224d7363c7ce330c703a0278ba90e1d08cbbcbb2f227d867c626

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp
Filesize
697KB

MD5
84fff78e01d73692067f335fb76a9155

SHA1
70f83da0b4173ea82b10685930967ae0648318a2

SHA256
ebaedb0444e24558c46d9a92e2143c39269c4faa728f7ee977a405594e6bd6b9

SHA512
b655c6135219f9710b125011e47c98aa15f8b4337fb54ae39f8c72fc9cfe1f43a3f0ed6b612dad67f755bf5eda02dde97eb2a17254680c3ebcdfb5f32f12cf97

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp
Filesize
2.3MB

MD5
7ce88c63b8c8f20e19e1814fba9b4258

SHA1
cf9ed635a892b82a1aa89075af3bd701a6963d34

SHA256
68c92111a1c6c11c9405c965f844f6d4b299e9c6ee40ad229c2008fdefb84f41

SHA512
4d30fd6c069a75d99bcae5c11d1fc1f1cbaefd5d1a547a6d977c2287e86a5f72918cbc0a6072ee59b30995b936a9e54106aafcfcd8cd864d3f1eac0437b94aa3

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp
Filesize
1.9MB

MD5
9e27f57fd23eb481dc66fca1bd390fa8

SHA1
9d1bc368920ae03fff6f64321a37dfef5211fd9f

SHA256
795f41b2af76fdb0901621acf228dd0c22e12e00e357c5cc397a835939a2d82b

SHA512
446f0efeccacc467dc565980b9147d765222c515ca065aaf9b0ea6df47c62d8523d3f600753af11988e32461321fea686cd5f97e908277d314bd5787fc4aed04

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\Setup.xml.tmp
Filesize
65KB

MD5
9ca5575f34f4ea9299937f28136efd0e

SHA1
697958d1880eda1b3a23e37575ff8492872e3de0

SHA256
01931195a7fdba5641d9b6fb5ffc87ef149404617654a8ec365cfa9004c25dfd

SHA512
80bb044dc7b40b141c0fd76bb72058555fc550e86935985fdd61815136db22b3e7d290f90a8d4079608d51d886fc861e2572a18b5520eff887e086e53868de4c

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp
Filesize
1.4MB

MD5
c9747a703c261fc6b0badfb6b13c1a5e

SHA1
b0ec03b12b4dcf6ba47bf292d220915f94df1fa2

SHA256
392c4092e8cfe93509b8890dfb12b71ffb3aee9a2eabc22068d2db5ad00e57e9

SHA512
f350864ecc544c3658fab3255e247a52112c0f51e325015d9c0096f3cda3f77822d90de565af1aef0474081ba47069a1f2c1be35ae3d88a134da8b69a7271f51

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp
Filesize
1.7MB

MD5
c0a8253949b3a6fda4e06793e0ee8ad2

SHA1
96c6bcf839535a30b2e3abeb64eb4e861b82bc9f

SHA256
cd098a78ecf5d9ccd046c845d90d7ffd96bc216fb9a27e06ca843170af29f689

SHA512
fa8c868d96c33edfd92fe40ffae6e1f3bb8360a034a64e1d869c72c46f72aa0f8c3ef16737c89ab72537f98c38ba7f880595f739341081a69e5dacc14d338921

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp
Filesize
16.7MB

MD5
9c7118ac1d92d8b2096480ca567ccf68

SHA1
33b7265fd09b2dab60961e9fa7c0ca97eada3e9e

SHA256
e37ef576cd20ab5af8fc9581eb5f3643c64c0ef8d040063254529a47915bd582

SHA512
fb08aebd6ab305e6ea5430ce659ea5a513473be0f6ca8fd78c01d049478fb473a9b137ff74142fe32764147b1583f60ac230f53a32fdf391de15640d46ff0a56

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp
Filesize
4.0MB

MD5
4002c88d15d80cc331819268bf5213bf

SHA1
8533ee6a88723cb22c015d8516979b1f69443f3e

SHA256
dca286dc319a0d0d3f419409060707da3f772b770e58eca3716bea69b4050e50

SHA512
842b1f4d4affb5d39af796a239c03d0f5b41a6578359e89878281e85f2d4ba401bc296a99f379520958be484f3e8e194d9637810c5ae2fc2f6db58af21308e06

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp
Filesize
1.8MB

MD5
96e68b80c46d53e1cd361aa2ad188558

SHA1
c2aa75e95975be6262e6582a67ee17b1e9aa3b4e

SHA256
0f55146b3eb0254ad3720a7df2a5c8295dc7f87617b3a3d3e0b0859f1506efab

SHA512
9ef81705531ad37c45b064a4af87bfa437a6a0a148617f663e8aaab324128f40186471026103066c776cd0ef3c10a53e4dbcb23e2751374550df8e2f0c1edf54

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.exe
Filesize
165KB

MD5
2f426a5c6fc0d28e459c2ef27903e525

SHA1
938963cb2eb2e57bb514ccc5cf7bd05694b2295a

SHA256
bebab64e8ccf81bd82534994d1ad6b6ee6d3df649ead4a37cb8fd86983f946be

SHA512
fe2b1706920a6d0d82168eb88ffd8ff1588e1bd801ea299de3d812d7989ecd3a1c35fcb3bfd77ec6081b328979303320bbd8b8208de0ba47097c808145c7c0e0

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp
Filesize
881KB

MD5
14ad18a02fae819ab277bede9f018f1b

SHA1
9869b658be3e27d33a5b66ec9c43d0b5c9937199

SHA256
11142f44cb872601635b2ae7b8ebba0fe864345278d41d79ce510d9724ee47bf

SHA512
28ee4b30ffa78ddaf60b1f61c3cfdab3f09c379612b5f8cc4f2188a997903d99683f873d1abd84f99d730c3905de7a3c9fc9ac1ab039ac644d2c424e98371ea6

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp
Filesize
13.7MB

MD5
ad1128dc52dbdb4dbecabe5457b9d77d

SHA1
9581e22440e806a1406816d12ce9f8fefdd4e0d7

SHA256
d23f2f8b34bd8e811889aaec2a47d55bb0f41c1178e89bb4ea84e3f23d834880

SHA512
8889a8cb1c95a7147b08ce565a96e88b864a889d81abc1852458b77c4bde30756a81acdc5bddb5a28e15557b6c6fe7524fe4492096407860558c30f7560d0bec

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp
Filesize
1.3MB

MD5
0b3bbb4a7b081cdbe4171bf7921a7b17

SHA1
cef5f3adcce954b03adadb04477bab77149fb44a

SHA256
4ddaf29fc2aeca81e0f58e990e21382cada320620a6f695471ab39d82f26c316

SHA512
e988bb8fdca6797bf3b28b55ca23897e3cb976ce35e8dc86461e50257cc77c4352a099341d5cd7f84f4afbbeb95dfbfbbd1d3e90e03f54f20e15736f69bdaed9

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp
Filesize
697KB

MD5
c807c51e09f9149f1918cc4c4ab9e63d

SHA1
7e63ac382c5e075528e78d119171b3d4929c70c5

SHA256
757d314efe00cbdc346fe4eaf8f1ccfc3858cb614564eafea1e5da324d499d18

SHA512
c36ad6d2fa986be3873bd8b5dd2670210be8e6b8649125357621cb7278be9b1b7d0c4f3c6eab37569978c4b0dfc902b79d43db7bceb8dbcf9329c2d552d837af

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.tmp
Filesize
71KB

MD5
bc4734b9ef64b03a39bdca5dbc065953

SHA1
64ef1f2634946053e1cf893d9f345577a5b1ed5e

SHA256
a9e30b634cd85b45f39e2cca5e65ba1527fbf8f844122a8037d5e4d4e58cccca

SHA512
39b678b45fa4913a95922c1ab40af74bea97fd1d055437d593495dac167b326601d7576c4b3970bbbe81ce80b3ec06e57eebd33bdf66aab15eb2625970565c1f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.tmp
Filesize
69KB

MD5
afc35c1646b47a2e62dba0a3b5ce9250

SHA1
441dbbb0337f5fc87fa6b5221c1731d6d13f0e91

SHA256
7da5a44dabefc75d566dea677c1ccaed2a52fa5976cd9e675bd005564fa96283

SHA512
1fa5e8609a4bda78d6ab02ef0014fdda1be2c82e7566915f60a1630f882e7bf3e09314042cfcd3b15614ed637ce314093fcf5b3ea307f79406c02a866d75c0f0

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.tmp
Filesize
644KB

MD5
e34bd6cea97830a6b762cf0e5422b736

SHA1
9ebac1e37ce87bee7935cb004402815d47e8c7b5

SHA256
e9240b5e761c084f2cbf5e533dd3b988247adf708d472a0e65790760072cd1e0

SHA512
bba616d0adae17e37bf21baa038d10358e41cb7918cb4590ece658fa3f56a8e03fc8502aaf0b2d4705260c2bf81c32d1a41f26bf625e3e8deda1654a35043dec

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp
Filesize
576KB

MD5
8072b173dcb80fe96ac19b4df82edd44

SHA1
c57c648f0e613350862f33cb8a6c7e8a6e019495

SHA256
4bb901174451766fa7ee8ffe9a792fcdd216aa43ad8b6080939e3ab40e49e29f

SHA512
14e3288fbc43fd6d8249e24a7f637ce46f6a3014d33585e1b598c8e4c775f07c145a95c991c9128fcd9b1acaa004925f55f4bd2bb751a451ee06efd6781789ac

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
Filesize
569KB

MD5
cb946b6634f337657e327c9f352aed39

SHA1
518eedec38821622a00a288a1fe72f8638b2eb0c

SHA256
341e55fe69a729b710dacc9baa78ba4e592f58b8001dba71193ee587016ce4e4

SHA512
1296f66931d1a332fbab5d95ce435e8855cf333702febcbe8e63427a4d0c8d16bd69a80b248128884e38bc649a74df6b162eed1dcec711cfdc5a2d2b962c741a

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp
Filesize
702KB

MD5
9eb3a37304ee788009ad85ec3dc9d05c

SHA1
7b608b7b9c4fcc5198adfab77f7f5555574f8dc7

SHA256
77ddbe72e91e78e435414ce7321dfddb2d9b1bccacf21b7c9734e95c4f2cf3f5

SHA512
dc6534d2821051205c31802ecd71737b304cec073beacbb17ae2445104372e4073b1967852ae7218a58e1adb812c90d75524fccbaa8395009b8f1eb8c9663f0d

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.tmp
Filesize
249KB

MD5
e83d1096fae2ba70bea82e742f21d959

SHA1
fa55752024e51c8b9545b9a5a87b84fa144868ce

SHA256
00096ae41c3fb2aa9cb4dbd43edab4d8619c52ef4ef46e0227d36e04d6192251

SHA512
4c430bddd2b132056af3b4ab8ef0f6424730f889e42ee56d62390ae601dd704e0f682870af23964e2a2341a132b5dbf7ebcbf688f810a737304a20509fe7cde9

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.tmp
Filesize
88KB

MD5
4853f6d5141a3e8b3b7a284b9c280f07

SHA1
46ea172868bda67463d6fe1328d6be38f4556188

SHA256
c67845655927af97f0effc19bd792324cfa40961404eb3188fc6807cddd9e4a3

SHA512
d937ce15173788694986397ce95275e63808b7845ee1aa35de12f209db44329cd51a52c72dd1cd36bad5eefb6c68d932e3b66f2b36ade45be51e3c717c55f64f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.tmp
Filesize
127KB

MD5
b48568cf57d33bc64a16d9693a6db57e

SHA1
5470128ea65bce8604ed07f511b7535cc9fc2f8b

SHA256
dd6447d9588fb6e829c8a8018c54a9726d8b65a0fe262c90fd56f3b5b0a1c5ac

SHA512
7ef5b0ba79c3b2227137a1e5d35bc0478eb5364e2a45420480a97f7391981a09db42dd667009ac6cc4e885acffcbbe7c9f069dd48d068b6f74e001f35776c2f3

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.tmp
Filesize
1.2MB

MD5
6e456875018e21c65326f6e28a6df8d7

SHA1
40d3338b7b17d37f7c2e03f4ed84d4b5652290d5

SHA256
5a410485d56d69cb89888afdf92afd42adb11d004ff9b5ff1b55962cd6c40a85

SHA512
f1d12bf57a46c4d9822e14587ad712d28587e4348dbdbebbfc409e9e409cb397a202d60f3089e43af710d9ce7e181af25cfa87cc0ebbe5fe0fca88cd17db2e28

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.tmp
Filesize
697KB

MD5
a460589de004f84568148854c939d8fe

SHA1
aa75d5a43c2ec2aa2f2a0169367d973a41c0e37f

SHA256
bd7b60a86416554641795ab8db00ccfa506aa9053de73eab58f7b4faa8d3af33

SHA512
59ceee128ee499b92655d98292dfd5e560c8edec88ca0472c2920774ea5a77e2006b31984de65f35f56497c844ab0eb92f20d6d384fda2ee792fda3f0391f93f

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.tmp
Filesize
62KB

MD5
306c787895c0389446726e194f08eb20

SHA1
e27b55c490ef93db6f345045f8fb7d240eb696c2

SHA256
d5ea0a69bc29b192583042a561d7b0422e7f270c59ed62c8a793f84f2f3ba664

SHA512
f544261f723f5c206f74abd469a81d1c0337be95b1031ad334bea4b71fa8b8c14bb60dbd00ed9068cb8f47d8d1d7170e20ef5a5178eadc7833891770dc825f80

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.tmp
Filesize
1.8MB

MD5
c37999b7bf959a0bdfa69e952bcd59e4

SHA1
64f729afe4d5c3261ca8caceae99db9d8bcf12c5

SHA256
eba7df848ac1e4347ea8d9ecd5f3404071fb6f0d15fb16adda28481546d3311f

SHA512
a33433d0ad2b8017d5a047a9dbc948e136ac854fc4027b24b21b6b2fda264d043898386194672d5c68092afa81f2ab83f34c040aac38cfe5955080ab188e51d1

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
60KB

MD5
27dbdae73c6b564fddef447ea620861e

SHA1
008ab276407d7a5aacb243116c11bb19701dd894

SHA256
c0d33589c802e1eb569c2076cd8085e8defc59f2501601378bf583a948ac748c

SHA512
1fc391e3a900c128b00262c0a43fcd80677426a6538d363f74cd91bc887d9127435de27e4e387211a1ba8d1d5941e57973516ab8b02012656d0bfecb01bc38f9

Download Submit
\Users\Admin\AppData\Local\Temp\_RecoveryDrive.lnk.exe
Filesize
62KB

MD5
661d399926105d7fdc70b36e48861e42

SHA1
41925e987b080432b6cd7b42f5b7aa463c6ed18d

SHA256
a44cbcfa7564ad08a4841979e89eab5e5e66b3bc2539938158a1f026bea5f142

SHA512
7003afc2cbda247ed36c4455a2d93f1fc9eb555bfb8a474c9358f666335d91650cfc57bb0e29ab3bb63411c97ab391d30050f3d7372c1415c553e04a34601721

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads