f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50

General

Target

f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
Size

69KB
MD5

38dfd64e79bdfd259ba1153eca2ab12e
SHA1

504b3f79fac2dd8b84936b2b0f5426899937ff31
SHA256

f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50
SHA512

956570c3c767d3f4244059bbf57d620060ce79ef7c691c9d597fdc419896b71251b8c6c550cd2dd07b849589b8347c79894ba0c34087afa7fc8e0a3a247c8872
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/5:6e7WpMaxeb0CYJ97lEYNR73e+eKZ5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe

C:\Users\Admin\AppData\Local\Temp\f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe
"C:\Users\Admin\AppData\Local\Temp\f00b2cd7b61e06d2a8002cd119f2acead0e01905c6a62d533514a2b4273a3d50.exe"
1⤵
- Drops file in Program Files directory
PID:3152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
Filesize
70KB

MD5
c10c8c58378ee3a4e75ed2bcfc4bb4af

SHA1
f9e747d9b643b6f917bfddcbc1657b72256b5f52

SHA256
4947d1701826a03daf2ae5d2f90690ff5d31aeccd37052eaff99fe65e8255905

SHA512
a9222b67ad4ebf42644d01c8099e0f6209abf4f79ef5b5a3cab0f6cbd758caec76d30e9f0629b3338d15d7791b716aa6177df03c891d6ce6d5887022eb156e47

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
168KB

MD5
4e0738433300f17a40ba84ac0b108ef5

SHA1
c68f66735054b5845199c3dbb2f5abe9636496a6

SHA256
dd19dfeadceed99e11e33a3eb4657cbb385d2b80a7664654de2ab3c619ca1eab

SHA512
9bc7bcda93a5ebbc99fc2eb9ddc98daa133170fabd863512ea52c46e5118dd6ffb531b07df30c845cebf6dc74a86519340c3c6b870d55f37d0ea47bf5d9a78ff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads