f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50

General

Target

f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
Size

69KB
MD5

38dfd64e79bdfd259ba1153eca2ab12e
SHA1

504b3f79fac2dd8b84936b2b0f5426899937ff31
SHA256

f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50
SHA512

956570c3c767d3f4244059bbf57d620060ce79ef7c691c9d597fdc419896b71251b8c6c550cd2dd07b849589b8347c79894ba0c34087afa7fc8e0a3a247c8872
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/5:6e7WpMaxeb0CYJ97lEYNR73e+eKZ5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (848) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\CompressReceive.sys.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe

C:\Users\Admin\AppData\Local\Temp\f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
"C:\Users\Admin\AppData\Local\Temp\f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe"
1⤵
- Drops file in Program Files directory
PID:2888

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
70KB

MD5
e5de89570c0ab5e8aa8d64a80da0c280

SHA1
885c656646e8e31ea7baffb995d164ef80d50200

SHA256
b15969a8a7b7d325d576c2dbec12dd3b8fe9f249b84ae9d50afb696deea3bc05

SHA512
2f09de42abbd4d3ea7d9a0cf8133a75620a98d49442c5cfd61d85ad80bb056931bd858216de9ab98f2a8c32514d87d8e69082e8581c5a6c80da085a64265122a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
79KB

MD5
bc9b7c8162aa9988c04e047dc211ddb6

SHA1
9fa159930d1d517e98b9840dc2b3812b394c6bbe

SHA256
8021bb0f4cdce1defc0898ceadb5f22ff84957ddd9d2f43bcc769360d1e76612

SHA512
75d5a2e736e4b8c97b22d73bed00e4c328c6088b3f4f854e9c8f396a9b4f9a88d0aa6815676af55a7f6ec35fd139fc02133a53233b25fd879b9c55ef80f56d2f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads