834f9b09d1030f359d93fc2cde2d1270eef8563f487028e6a76bb684e24ae4af

General

Target

fbd6e1858fd2b157c10921bae88975c3.exe
Size

68KB
MD5

fbd6e1858fd2b157c10921bae88975c3
SHA1

a7472b327b21867e6249cdaf02d8b1e0f1d8a4a5
SHA256

834f9b09d1030f359d93fc2cde2d1270eef8563f487028e6a76bb684e24ae4af
SHA512

9f62a956c26a37597e4e222d68055e2e223d9cf29055a23714fe7fcfb6fc48045fc9e60b66f4bf733cbe0bcc24ccb6c4bcc685044900a86eedc6065dfc1f6e1b
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/U:6e7WpMaxeb0CYJ97lEYNR73e+eKZU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3554) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

fbd6e1858fd2b157c10921bae88975c3.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\HideAssert.mov.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\IA32.api.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe

C:\Users\Admin\AppData\Local\Temp\fbd6e1858fd2b157c10921bae88975c3.exe
"C:\Users\Admin\AppData\Local\Temp\fbd6e1858fd2b157c10921bae88975c3.exe"
1⤵
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
69KB

MD5
103f61625b5917d0f67e37043f174db9

SHA1
5cfc8e88b1d8c8679e65402e0fb81e781f9da39b

SHA256
12d8426827257e67843bb4f34bedff95bfb6316b113ccbf958c1713d08743583

SHA512
0b8cad1eb50e6023a3e968b66177d8d2792d602f108c4adc9d1f4525bab1c01164f93cdb99593eb55a3c8ff0728021ac1ab2fdd450d563c1d502ad8990bd2b88

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
88fa65dd164436c1940b6f6e655c9efc

SHA1
19d4867ab4ed23173b6bb163f9409cdab9231122

SHA256
5359aca90d1c2da123bc6290bf4a479fe6dc091f68769aa071addc193dbe4f16

SHA512
70257f3c70d3e031438524d744ec94a17cbcf6a0b697eb5a74f7b485c7ad6e64b861bb4ccd0e7ceccc2b6d2b3c87680dd9aabd17322ba0b89760e0855bb7e117

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads