dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d

General

Target

dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
Size

69KB
MD5

8dd91e7c05fb171bd9662d596fa5ef21
SHA1

bba6dcad2ff982d202c6956d28a2c6d7e587fdcf
SHA256

dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d
SHA512

3403a014fa592efde89e86e28dac46b4ed82230c0d42e32b0d2bc055e52f8146826fe127e6c5fb5634bd0af6f30ce6576798fd5d3792e6ea893f7bc9cf96089c
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tp+B:6e7WpP9oVLQthbYY9oVLQthbUrt7t2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3544) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\cpu.css.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\slideShow.js.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe

C:\Users\Admin\AppData\Local\Temp\dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe
"C:\Users\Admin\AppData\Local\Temp\dd9b1cbb85d7f946bb8a8d83f9d1aeac5878c8d580c0707b4c50dab18d36a28d.exe"
1⤵
- Drops file in Program Files directory
PID:2024

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
69KB

MD5
647f437933e648e36a6daba72887b4c4

SHA1
fe0a00cff3411ed5a4a78a0db88369dc6b6f5dd1

SHA256
4cc727bc0fd64f62cf191c2b14f4d9fb768dcee931df5ea404f075a0889be951

SHA512
2123b8a63a1fec08f02aeb49a8707eabc119080236cccc56d1b0a741275b75d36df6bced2a44b3a216a6b25be96c5436441e87aae5189cc7ac3856ad46a8d08b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
78KB

MD5
5b9fe84baefd342c23df6007dfc60676

SHA1
9459385d535b9524d284d0c90b6544af97305556

SHA256
09023ed1fe318c1a7f51bd1d3f8cfb68737cf1df231ed7c33ece53b5ee59de4b

SHA512
2854763c12942fae050d8856e7f9aa310dfae3f42547cbc1dde4471e603a729f0301c58128256da2f9d7fbf18d4f5588b1643d92697f6a60c07d90a09d6c152d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads