dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa

General

Target

dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
Size

70KB
MD5

297fbdb648bd9940e76fb16f68a5300c
SHA1

63d7ab6533cf37ecdd5cd909aedaa549aaec9fb9
SHA256

dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa
SHA512

82fe32988f93b1b9aabbf0ff20e9b15c39b2b873467754c6cc9608fba1424af022da1d9dbeb43fcd935ccec55335ed076a3ba47ce1101b41238830488ecb3bf9
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UQT3:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3682) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Journal\NBDoc.DLL.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\cpu.js.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp	dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe

C:\Users\Admin\AppData\Local\Temp\dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe
"C:\Users\Admin\AppData\Local\Temp\dda6117399353ac0095c91ea49f91e0275aebb5b4d26666127e1e821c410affa.exe"
1⤵
- Drops file in Program Files directory
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
71KB

MD5
f91e1428b4223fa6507672ae41b86ca2

SHA1
afee58c22450edecc26ad1d3003a8939197b795d

SHA256
1d620c775bea5ccc5d72d15d7a786f471ef406709189c9fcd4b4757af99461a0

SHA512
690d2bff1a85805d0dee388f20fd7b1fa0d59bf5a39418bcc23ec1e01d68254936f9b12eb631df2fe7cb0532bf211b431cb7157559e503e81e53897f15439da4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
a10aa5e05fb1e6f967709e55bdd92375

SHA1
bd7f8f3de296ec2485b780ff4473326e5029d689

SHA256
8c353131ba0f542cd419b55ebb151accdaced4e0fd510ce3138540575a69755e

SHA512
a05544ace0e33bc990f5780f50dfa7a47601f0f06f50d1768b09cc050d763331e29d72d177b554aff8ba0e03754b658f563ffa9429080192020cd2bd927ab4a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads