fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc

General

Target

fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
Size

67KB
MD5

5c05bf7e715acf669c4d4a5145513854
SHA1

59caa6a9ff396a42637fec8d97a12e3cfe0635e7
SHA256

fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc
SHA512

893f43e6653aa1ab147731a92c751301349cf0c17f703c65dd628ed26c0fe083baeba0117d2bbb670ec9a99e0807b3b25e0367ba9c3e661dc771f3b59aa28302
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReT:W7ZDpApYbWj2WTWJe+e/q2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3670) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\flyout.css.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.tmp	fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe

C:\Users\Admin\AppData\Local\Temp\fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe
"C:\Users\Admin\AppData\Local\Temp\fc60abb3163083c330fd4cfe5e147f27f6f2a20404b653d8a5642b8fcaba31bc.exe"
1⤵
- Drops file in Program Files directory
PID:2292

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
67KB

MD5
a6989273b388fbb5c11cbe391caffecf

SHA1
fd197cda5150abf717271a2252a9eb3bba8623b0

SHA256
a053e6d9480def2ccb9df6025cf2af217dcc4128b618eeda67153573f7ba8f9a

SHA512
4a6264f930dd456c945d3e28087eddc7a790701177d09e2155099da6fc04f7242c6d0ee1fb4feb9f351c892db8a09531065633620b78aad938d1da66d25e8554

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
76KB

MD5
2e693cc162dac651f153375d4bedc9f6

SHA1
559265cdaaa02ba73242f43afb8286a1950ea470

SHA256
fa666c8b292e10c8c94b0b1b696782970411632055ee6af3611da136fc66a5c5

SHA512
24796a50c9a2195169e11f9edacc705525ebda06aa22296a054b8d0da13090d35f5f0d0bd794af17e5dffbe18eb1052381920a52278cf79acf0ada4b7afcf9e4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads