13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275

General

Target

13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
Size

79KB
MD5

59957c1c4894e03adda1e03c27b00c9f
SHA1

ffabe70509fb31fbc25c247f5b20e16331880018
SHA256

13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275
SHA512

a88b6993975fc7e05e984ec5dd9feee1647276ef4f25aaddb426bc62ac73310dffd6b7759ac080cfbbefbdbacf1e939a9f67499061888d6da39275302108b4d1
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7uH9uHo:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\RSSFeeds.js.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe

C:\Users\Admin\AppData\Local\Temp\13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe
"C:\Users\Admin\AppData\Local\Temp\13b8a21a2eda98753a133486941d82c95583389ff4a7647700e6248d30dd9275.exe"
1⤵
- Drops file in Program Files directory
PID:2856

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
79KB

MD5
1b77b51e2801100a2a7ae29fccae5aa4

SHA1
cfac1833d71a53dc82f868d956dbb1d929537942

SHA256
eca55a448d760ca4fd7bed4af2af56930cff14bf60dcbeed8ba36f95fdd4172d

SHA512
6c92209843259c1295f56b3adce5e2acb456fecf213f44948cd5bb5d8301e6a1b75f74230deab20a6a8bc202f4fe6645f645162d1a11cd886530da09efee1a5c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
88KB

MD5
f8363061dfec1c0ee266f1b83e9318ac

SHA1
70fc7af181b778a3681ef8694949ad9001d6fad2

SHA256
708737e0fcf3e2abd5f2c5b5bad4059ba049183ef7a1c51d22ea8840b5db6bb9

SHA512
c4d5fad9acbb21835c7b1f8d506b3727397a5715f7d1721c86c00eb2248679614bae2610c52a6800dd62ff08f03e1070cab16d8db0006ba03f544256ff1ccdd9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads