b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
Size

98KB
MD5

4a50c4476f81d236d9cc4d7ead45d30f
SHA1

3dd8018cdc8f82c09fc0e3c2832a934d5ed02fdd
SHA256

b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f
SHA512

51e1bf66d445d4be6a1ea33bce1617eff284599240b91d3fd399d1f05b88de9d6ffa9a86a8ffa7cc378fffb806c6ec0020b26b7934bea2d89c9a08ed72539041
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2l6:W7ZQpApjIWe+eoO6O2l6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3270) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\ConvertToUnpublish.temp.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe

C:\Users\Admin\AppData\Local\Temp\b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe
"C:\Users\Admin\AppData\Local\Temp\b4279de2c084ce78921b06ff2cdbed2224f59dac8e595d3bb3ce4b4747b5c30f.exe"
1⤵
- Drops file in Program Files directory
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
98KB

MD5
2c4e54c949a4cec923415bb8c5f6a43b

SHA1
eb062bb475fa93e523ea16ba2b02f736bbb0d8ab

SHA256
180467c4bcb433d82c52fdacf916f7a5da4205dd3830487d66ff9ccf0b41e9bb

SHA512
1d3b18aef02ac0fc9ec50b383fd2e3c1ba2409a97426097de6fc7b6aab62bc102d23b51b41135f8bef9914b3b4c950ff631b4c21e91fe5d53f80b51cbdc71591

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
685e39fb1be1ba95ae4661f064c0dc53

SHA1
c38ed505cd7c3e55cdda093fd26b65a1d5d26b0b

SHA256
438cc30315fb0eb74248e67335371d1343ecae4d41eef70f6ccbbc1ede38490b

SHA512
2e4627950dcdfd32efaf0821f8e6f478287515bb1ebaa8d4206b811d204a39f6b96e5db6fa4a1c93329510567a0fb08b68aeb31a9c4956a02151d99db689dc6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads