352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
Size

87KB
MD5

0b9876adfdda79cfa4d001806f0c5799
SHA1

59f913b83b516d7a6e05eda640f2c60c46673ec5
SHA256

352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc
SHA512

092c5c2be4ed0dcfa210afdb164a0ea9b9e94883012461f04d852775d99a21147bcdea1c743b97c0b748e676334a3dbfbd69b62e60bc4c0b7e633382703ebb63
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNh:6rWpcOPxPke+e3fFpsJOfFpsJbgE3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe

C:\Users\Admin\AppData\Local\Temp\352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe
"C:\Users\Admin\AppData\Local\Temp\352a64f160c39ae8c286dab8af4bebb7a120697ac02b4c0cbd732d64824b02cc.exe"
1⤵
- Drops file in Program Files directory
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
87KB

MD5
2195996b93610473353815eec05cec9c

SHA1
8f8e9a728c093b65109273649a6f16f163925a89

SHA256
0fa4bb53dc87222dfc489047ac646ade50658929cf2eee17ac10d5404b4b72f1

SHA512
88903e80abb0676f4d662a917c81f22474dd441a7de0f76b8ea4093c88661bea199df487ec195acd1ef89a67f468b76751d69be7022521a2f15443ca5b89706b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
96KB

MD5
03ba676d25c2ab914d41eee89602f89c

SHA1
de18509126159bf405f84338193ad511324e6851

SHA256
eaac460c2d54ad86f11e7bcd840b6a984561f87c563c339f61cf8604615bf232

SHA512
ac87dcc5200a2329c20c39c8c7c220c5f44ca38e33601c69be30bd1cd758db80ac9b181d8c34022105c65558663823574613c72b48241dd65414d1931804025b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads