fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739

General

Target

fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
Size

79KB
MD5

15e4e3b70d0cc0e2979e2faa58697a48
SHA1

1a2f1d246a19316670dba202af1afc4bbd67c92d
SHA256

fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739
SHA512

71abd120e6a7390efbbb09e05e3137b14ebfa68082bcee31ac3c5155cb5a07bf7376aebcf8cdec7d1fb5ae5d7d3f52adca5e5e2a89bfb38151b7720019cd04bd
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhJ:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5006) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe

C:\Users\Admin\AppData\Local\Temp\fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe
"C:\Users\Admin\AppData\Local\Temp\fc9b4fc8c5dae20924e2266d9c50b6a2ef0cf2a22352205877969ee97c38d739.exe"
1⤵
- Drops file in Program Files directory
PID:4476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
79KB

MD5
692e1ab3a1605041e7f34790e260dae9

SHA1
dad8980753a6b59f52df990c953eabf1b756e984

SHA256
6e57e27bc5e1b3db6246a193ae87340b334d4d78e40febc25bf8e51b59f01226

SHA512
41727bff4c303ec753d96678b65d74599d1c1050bc8ac63d4701e4815b1b7fa4a0c38c3b0f97104dbb8feff2d765431f9001926d4efd151d0c901630fd6024dd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
178KB

MD5
6811e7aaa233dccc5a49f064fb459020

SHA1
162062b700878a3e06b95a7ea13b3ff4615dc5a7

SHA256
9779d7ee7bc913bbbc565f0e092ecb17f3cd514b921bbf1af4bbcb0c17f53509

SHA512
f701239b42581aa895bb431edc91edfc3529d8e0558259bfd071d080742f8cda4889e8e46dbbd635641c90cbb33eae5696576007426af47d9085573da90d39eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads