65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b

General

Target

65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
Size

521KB
MD5

56c5c46f5b655debdf42c84ea4bfe530
SHA1

1d8c467fe903a52328a23ac0762121062ff51799
SHA256

65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b
SHA512

60cde0fee6e1530bc111aa0e506803998f7af1d1bbdd58773c31c9ebe40c8902a779e05885f1bbef8053b4b3a22de37aae3946684a471fad21d861ea84f2b51d
SSDEEP

12288:9rMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9V5:7ZyCA8CBmn+RrNj9ay5I5

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjdeps.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjps.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\gmisc.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\7-Zip\RCXA04F.tmp	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\gLICLUA.EXE	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gidlj.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjinfo.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjrunscript.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\gappvcleaner.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\gAppSharingHookController.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Mozilla Firefox\gcrashreporter.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\gSmartTagInstall.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\gjabswitch.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\7-Zip\g7zFM.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\gaccicons.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\RCXB58C.tmp	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Windows Media Player\setup_wm.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\gjabswitch.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\gDW20.EXE	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjdb.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjps.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\gIntegratedOffice.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\OfflineScannerShell.exe.mui	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\gLICLUA.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\gmisc.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjabswitch.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjavaws.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjava-rmi.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\Integration\gIntegrator.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Windows Mail\wab.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Google\Chrome\Application\gchrome_proxy.ico	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjar.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjavap.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjcmd.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\gAppSharingHookController.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File created	C:\Program Files\7-Zip\Uninstall.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\gchrome.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe

Drops file in Windows directory 1 IoCs

Processes:

65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe

description ioc process

File opened for modification C:\Windows\bfsvc.exe 65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\bfsvc.exe	65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe

C:\Users\Admin\AppData\Local\Temp\65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe
"C:\Users\Admin\AppData\Local\Temp\65ccab906353d34c9335897d3e08dd32cde55d75e38b9feb0a5445b5bdcd4e4b.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads