Analysis
-
max time kernel
139s -
max time network
141s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
09-01-2023 21:53
Static task
static1
Behavioral task
behavioral1
Sample
fafcec_win.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
fafcec_win.exe
Resource
win10-20220812-en
windows10-1703-x64
3 signatures
150 seconds
Behavioral task
behavioral3
Sample
fafcec_win.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
fafcec_win.exe
-
Size
592KB
-
MD5
e34ed195fdc98d923cba0e8fdf6129ec
-
SHA1
b6470a661dbf352c69f164389b8221cd48d00d0d
-
SHA256
fafd35b8686b47ce520fdf66aad21ac0d151532af96a670314e27a333be8dcec
-
SHA512
fceb1848da871c8e535ab691e5b492226be26ea697c190cefa2f2f214229bae94fe35058de32248b2eb55826e2ededa1634bd658d48f5a9b4e165d02043565f9
-
SSDEEP
12288:rvt34zDh1WuachSc3kGs2jltA3YcIofKJ9hf:bFQDScrs2jlC3Yc
Score
10/10
Malware Config
Signatures
-
Seon
The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
-
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
Processes:
fafcec_win.exedescription ioc Process File opened for modification C:\Users\Admin\Pictures\UninstallStop.tiff fafcec_win.exe -
Drops file in Program Files directory 64 IoCs
Processes:
fafcec_win.exedescription ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\my_60x42.png fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sv-se\ui-strings.js fafcec_win.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.txt fafcec_win.exe File opened for modification C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg fafcec_win.exe File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\11891_40x40x32.png fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\call.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\Office\BooleanMerge.scale-100.png fafcec_win.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\YOUR_FILES_ARE_ENCRYPTED.txt fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Awards\challenge\Go-for_the_Gold_.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\na_60x42.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-black_scale-200.png fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.scale-100.png fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml fafcec_win.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.txt fafcec_win.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-125_8wekyb3d8bbwe\AppxSignature.p7x fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-200.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-400.png fafcec_win.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\manifestAssets\Square44x44Logo.targetsize-48.png fafcec_win.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-125.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\SmallTile.scale-100.png fafcec_win.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\YOUR_FILES_ARE_ENCRYPTED.txt fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\ir_60x42.png fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\ja-JP\TipTsf.dll.mui fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar fafcec_win.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Tiles\pyramid.jpg fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\LargeTile.scale-100.png fafcec_win.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\ui-strings.js fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\Assets\Logos\BadgeLogo\PaintApplist.scale-400.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_altform-unplated_contrast-white.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-64_altform-unplated.png fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_partialselected-default_18.svg fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-nodes.xml fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\EmbossBitmaps\Donut.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe\Assets\Office\ProjectionCylindric.scale-140.png fafcec_win.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_listview_18.svg fafcec_win.exe File opened for modification C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-black_scale-100.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\be_16x11.png fafcec_win.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms fafcec_win.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\PREVIEW.GIF fafcec_win.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\YOUR_FILES_ARE_ENCRYPTED.txt fafcec_win.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-api-progress.jar fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-200_8wekyb3d8bbwe\Assets\LargeLogo.scale-200.png fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-150_8wekyb3d8bbwe\AppxSignature.p7x fafcec_win.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsStoreLogo.contrast-black_scale-100.png fafcec_win.exe File created C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\YOUR_FILES_ARE_ENCRYPTED.txt fafcec_win.exe