834f9b09d1030f359d93fc2cde2d1270eef8563f487028e6a76bb684e24ae4af

General

Target

fbd6e1858fd2b157c10921bae88975c3.exe
Size

68KB
MD5

fbd6e1858fd2b157c10921bae88975c3
SHA1

a7472b327b21867e6249cdaf02d8b1e0f1d8a4a5
SHA256

834f9b09d1030f359d93fc2cde2d1270eef8563f487028e6a76bb684e24ae4af
SHA512

9f62a956c26a37597e4e222d68055e2e223d9cf29055a23714fe7fcfb6fc48045fc9e60b66f4bf733cbe0bcc24ccb6c4bcc685044900a86eedc6065dfc1f6e1b
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/U:6e7WpMaxeb0CYJ97lEYNR73e+eKZU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5088) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

fbd6e1858fd2b157c10921bae88975c3.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	fbd6e1858fd2b157c10921bae88975c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	fbd6e1858fd2b157c10921bae88975c3.exe

C:\Users\Admin\AppData\Local\Temp\fbd6e1858fd2b157c10921bae88975c3.exe
"C:\Users\Admin\AppData\Local\Temp\fbd6e1858fd2b157c10921bae88975c3.exe"
1⤵
- Drops file in Program Files directory
PID:4204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini.tmp

Filesize
69KB

MD5
52b01342a3c3dc7e43f97df38ce6ec6e

SHA1
007faf681d79ed20c2cf7fe816cd53d1705d2c7e

SHA256
982b7d27186274c417831630bb9092ed55a9bd33cb979816cd65afe6464ff0b7

SHA512
8762576d1a6496d1927ec8fa248fda67a64f9c289cfccdbf0a0736d6daf34bd879fdd7394154ccbc9fe2018ad8a96edc239a6673df25cf6a29f59f4200e83620

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
bcafc138ca4cbf44091ee38542b11111

SHA1
600157da9e111d719c0de58c01e745a54c0dc601

SHA256
edffe1c97a124c654b9aae5714efef9d0d643cce511fc94e3ce47b168eb5b547

SHA512
65c6edd9e6b8304769da8f6521f765f05661f9ec8968c4a526de779307d260f3295cdd42196c2eac2bebf57c65d60b3bee2fc5d78bd7aa2c92b150830267b85b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads