a1644f20289c9f6f6ddcedecd4a01798a285f64b80f6c6ac73ad9cf33bb00839

Analysis

max time kernel
90s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3def8f10322d4cb24eaa0329b48f3127.exe
Size

49KB
MD5

3def8f10322d4cb24eaa0329b48f3127
SHA1

a18012372ae4ab44f1000ae08b0ff6794eff3ef9
SHA256

a1644f20289c9f6f6ddcedecd4a01798a285f64b80f6c6ac73ad9cf33bb00839
SHA512

14b822648f79d31ea5f04a4065580e3efdae7f884dacd88cf0d8a354f87204bbb2bc60413440a492cc371e300a402887c25bc0b210cbe2e40c97fcdd73b12bdf
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2Fv:W7ZDpApYbWjCDOI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2472) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	3def8f10322d4cb24eaa0329b48f3127.exe

C:\Users\Admin\AppData\Local\Temp\3def8f10322d4cb24eaa0329b48f3127.exe
"C:\Users\Admin\AppData\Local\Temp\3def8f10322d4cb24eaa0329b48f3127.exe"
1⤵
- Drops file in Program Files directory
PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
49KB

MD5
63672e61b6f8de156b3164f5bf96f847

SHA1
12d91582847dc9e2492566d1f1b6810ec60b0afb

SHA256
2c4a486023fab2345c16a3cc8e0947c52ad65de7a87a4151b70668cb2c3c7aba

SHA512
0370b15b0a7db598d78a99d3d66a9a1ec1758f963de438229b40f763b135c33afd4d623b78cda4650688e656079e9dc30ded409d8cb869f93fb4880b9abb969e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
c55d0ebcd2330130b4e400e78bc3d9a7

SHA1
e16002c1f6d6b83a8e0cc2d973bfaa446bbbd709

SHA256
22c3f3c563bd872fd67ac141b9b1c7c09a53400c994b8172a896f5c44afeb8b2

SHA512
c6dee64ff93f36ab78a6281fa1f112f02ac49c1eecd7ca3e032383637438e72afb56375816f786d6f5cf135f48427e7b2d09241be74534d73fdf62e53bce8383

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads