b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b

General

Target

b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
Size

95KB
MD5

524791bbecc6286a265c7567f4b23ad6
SHA1

2f3fb20bc9c1b59402bc543e01a4241db08b1dd3
SHA256

b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b
SHA512

47db43ec930f5c71dfb07d29c0d97170141c352d5708452d34f50c79c05637514eb8d732457245aa42945bf9ee8c53332f30f4a138395dc52858d36f9aab88fd
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0g:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0Av

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\localizedStrings.js.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\highDpiImageSwap.js.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp	b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe

C:\Users\Admin\AppData\Local\Temp\b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe
"C:\Users\Admin\AppData\Local\Temp\b7b8b0def33ba8c487903d125af773008ceb41b401c2b02df30ae2afc767db3b.exe"
1⤵
- Drops file in Program Files directory
PID:1596

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
95KB

MD5
2438e54cb10a8f5baa459be3d8a9e6af

SHA1
c76dbdea032699ee9d45536528477a9f7e0b9bfe

SHA256
991e76b2ea8bbaa937fe569ddda592b536c8097c83dc8de504fb3753c4d8cfe6

SHA512
15ccfa4aee7b03821bade7a9e8c75ef4a87691b408993dae037879fa5e014730a707e86f6c1c976ee6e49be3ee0855b690404cff24b96234a6e5530056ad544b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
104KB

MD5
3cf35ad3ef1172a521ea0831a81bdbd6

SHA1
81472e5115952ec25b30e485b102318933b6ee10

SHA256
012976aca1744251397c1a90e996842b45ed3b09b06b5a9d990c437dbf90ec0a

SHA512
e1d9052baa68b70122e9460fe4ca31bf1449e09019f93651839f09372f895ad586d21010623bdd1c93d2047b37c81e9989d101fc05158e425bde1f11b063ad04

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads