seon | fafd35b8686b47ce520fdf66aad21ac0d151532af96a670314e27a333be8dcec

Analysis

max time kernel
100s
max time network
101s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-01-2023 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fafcec_win.exe
Size

592KB
MD5

e34ed195fdc98d923cba0e8fdf6129ec
SHA1

b6470a661dbf352c69f164389b8221cd48d00d0d
SHA256

fafd35b8686b47ce520fdf66aad21ac0d151532af96a670314e27a333be8dcec
SHA512

fceb1848da871c8e535ab691e5b492226be26ea697c190cefa2f2f214229bae94fe35058de32248b2eb55826e2ededa1634bd658d48f5a9b4e165d02043565f9
SSDEEP

12288:rvt34zDh1WuachSc3kGs2jltA3YcIofKJ9hf:bFQDScrs2jlC3Yc

Score

10^/10

seon ransomware trojan

Malware Config

Signatures

Seon
The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
trojan ransomware seon

Drops file in Program Files directory 64 IoCs

Processes:

fafcec_win.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115868.GIF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341636.JPG	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGMARQ.DPV	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png	fafcec_win.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\YOUR_FILES_ARE_ENCRYPTED.txt	fafcec_win.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\YOUR_FILES_ARE_ENCRYPTED.txt	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384895.JPG	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Couture.thmx	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN111.XML	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187859.WMF	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL.HXS	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02755U.BMP	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01152_.WMF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\ado\it-IT\msader15.dll.mui	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGMARQ.XML	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BIZFORM.DPV	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png	fafcec_win.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\YOUR_FILES_ARE_ENCRYPTED.txt	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187837.WMF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css	fafcec_win.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\YOUR_FILES_ARE_ENCRYPTED.txt	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\sunec.jar	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGMAIN.XML	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF	fafcec_win.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107708.WMF	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\FEZIP.POC	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\EDGE.ELM	fafcec_win.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif	fafcec_win.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\YOUR_FILES_ARE_ENCRYPTED.txt	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\List.accdt	fafcec_win.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png	fafcec_win.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js	fafcec_win.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png	fafcec_win.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui	fafcec_win.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css	fafcec_win.exe

C:\Users\Admin\AppData\Local\Temp\fafcec_win.exe
C:\Users\Admin\AppData\Local\Temp\fafcec_win.exe -u bagel:bagelpw -m
1⤵
- Drops file in Program Files directory
PID:1344

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads