fe051bf2faf8a017a67b480e6fa4b3b090cfc764230f908a6352a0276216f442

General

Target

0006dbe6e63d5cd1b2a87cf205e7513f.exe
Size

111KB
MD5

0006dbe6e63d5cd1b2a87cf205e7513f
SHA1

7e3b37cb87eebfdbee73b7c7849beeaad4f07c93
SHA256

fe051bf2faf8a017a67b480e6fa4b3b090cfc764230f908a6352a0276216f442
SHA512

9e36fe9ad3880fc7704f32f7636e3ab0f2c86ce09820545852ea244e9f8bcf4d75b7d46d4614f017dfeb22aa49917756226ea33cfafb048df956633374a1174f
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5KcMcoYJIJDYJIJ1wq3FGfQsblBOi1xAfQn:W7ZQpApjIKTie+e3wqUJvlwJvl6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0006dbe6e63d5cd1b2a87cf205e7513f.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	0006dbe6e63d5cd1b2a87cf205e7513f.exe

C:\Users\Admin\AppData\Local\Temp\0006dbe6e63d5cd1b2a87cf205e7513f.exe
"C:\Users\Admin\AppData\Local\Temp\0006dbe6e63d5cd1b2a87cf205e7513f.exe"
1⤵
- Drops file in Program Files directory
PID:1956

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
111KB

MD5
12b217c1e178359f7fcbe2dfcdcbcb1a

SHA1
1ed41ec0efd8158edeebb14e3cf26f475fd81be8

SHA256
7cde95c2ace319b3478bf293f8d83cdb3309f661bb20e75de58ab8623a7118ce

SHA512
948e245147f7b05f476632511c9d80c10a12e8cedc9b8c65ae673df190d5c81ac612d93b5b14cd0d8ad4859817f1933a9328f03865dfb2a968e5c073c187ace7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
120KB

MD5
9da9c5bed04f42df2e97cade699cf93d

SHA1
d134437f203b466b600d6eef69f323200fc679b6

SHA256
f2956bb65ba67b6d08f837d804deb54065f0ab0b991262f7e98037e90191e377

SHA512
b0a7055b4134d01b83771e2f6ee9365447fbafdc0db4ecd4ee17192c6e546019ddd1899a3096783cee5677ee82868d044ce66ca4bf0b6bf3711546b1d29d0ec7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads