b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5

General

Target

b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
Size

62KB
MD5

55fd908254d57a0ff9717523a8e8b579
SHA1

02754c2bc9dfc537dbf42ceafa99149b2ae325b2
SHA256

b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5
SHA512

a2e33cd6f152d887ed5e8c6c19ee9d594555c1459b7e173822e5005bb383ded302af3b8fff683b12c9dc5c8b77f269583a6010f5b22914fa6f45ea164cb0f0d6
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2FjJ1HrH/:W7ZDpApYbWjCDOcJ1T/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe

C:\Users\Admin\AppData\Local\Temp\b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe
"C:\Users\Admin\AppData\Local\Temp\b8c70eadf91df1d3951bfc1ff0716ac3f6c48a6a92a02f9f29b86474d07448f5.exe"
1⤵
- Drops file in Program Files directory
PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
62KB

MD5
cb37c92178697bf5cfe51df87fd7f87c

SHA1
d1013a3243a2fe36c2f617479c0d88e00df32b8a

SHA256
0d171a205f47e25bbaa7cd7f920511b7792207e802174179e5e8ec5558478f3f

SHA512
4a184137aa184d9028867681c8cc50618dfa94238e5e31490028d94b98e90735dc1444c4669bf120e8cc31a4a33c66ccecade89d19cf7617e3d8bbf0219e0a2e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
525464c03099e8ecf58f551ca01b2720

SHA1
5e651f173bafcd2935330113f0d16a0feb465df3

SHA256
ee0772487dbf0491d11305094b64aa8cb91421f8f35fb3addfb510815240019a

SHA512
6e532203c015a0445c3f4d1f8c81cce6fbe39d7934b3cac8eca99233eaad548b9cc64a918e3c03465c30f5bd5e95c8b87d5a58e81731c96a160961a91e4f549d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads