e54d5bf1f8041d547845c705fda934b52b92b4ddcb4cb1bf9ef162f91c5b80f7

General

Target

5dfe6ae42a002ebdf53dac57f3677b0b.exe
Size

59KB
MD5

5dfe6ae42a002ebdf53dac57f3677b0b
SHA1

ad42d7e5c61aff9d2764c2489082bc8cd857d863
SHA256

e54d5bf1f8041d547845c705fda934b52b92b4ddcb4cb1bf9ef162f91c5b80f7
SHA512

f1549dcd7b630b73ffed9212a0c7fbd8618c889e18fa0ed98d2a10b88429b2430d855b23a168f71c06ceb0a8d58c1c4e48d687097787e13dcf4527a721ea6d32
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2Fnj28/8UMWMmlHlqMb:W7ZDpApYbWjCDOgj28/8vhm1x

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3783) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5dfe6ae42a002ebdf53dac57f3677b0b.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\mip.exe.mui.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\micaut.dll.mui.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\abcpy.ini.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\weather.css.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	5dfe6ae42a002ebdf53dac57f3677b0b.exe

C:\Users\Admin\AppData\Local\Temp\5dfe6ae42a002ebdf53dac57f3677b0b.exe
"C:\Users\Admin\AppData\Local\Temp\5dfe6ae42a002ebdf53dac57f3677b0b.exe"
1⤵
- Drops file in Program Files directory
PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
59KB

MD5
b3455d1c00e1dc16df0c74aa9827b3c1

SHA1
f0c70faac38c93afe8b64d9cbc7cf37deba1b809

SHA256
0382cab96e91ffd9bcca1751afb0aa6a42048852f0c7b944c22d559f298152d1

SHA512
4c9c5a4bd6aa3c1749bb459d95ab05b036a9a7848bd4fd430a9e54594c7e081186ffe0e3114fca1e87d358092fb6e1a84ceb115df7b68893403fed9564321b08

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
8dc7598f5065e1cebdfa4d34a6ac29c5

SHA1
767f313446e924ca8ec2ac8c9cd4e1793b110ad4

SHA256
c746014d51c3e1a227060e97d616c8d963c54f34509845ae9e733c275fb6131a

SHA512
ebbb7db2d45b18bf442913bf57055f7b6098014eb0c0be92d522d0d73af3c6e95b44ebfbc6f0429c68e6b42840027777df9b8708156ecae1df53f60acd87df72

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads