04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
Size

102KB
MD5

4824f12aacc8081e82162145dcb836c4
SHA1

110b7369f7eeafb97bdbacf659dd1f5bde0628d1
SHA256

04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6
SHA512

f9824a5d80f7b99408ac81d8ac45fd7ce74b4f16065298df2230884e0939ed1d8070c10889a238efe68e638b93abb11ea9b8b881b2de354c1327acc17d8e02ad
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJdo0j:tFPxPke+eI2Gr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp	04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe

C:\Users\Admin\AppData\Local\Temp\04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe
"C:\Users\Admin\AppData\Local\Temp\04b4dc63fa94d65666241733a360a33ca70b3e35fcc328a0308aa72cd5cd6cb6.exe"
1⤵
- Drops file in Program Files directory
PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
102KB

MD5
3271fecaefcb93328afe5051c921a073

SHA1
7367fcda212e14f8916d205c652c52b0737684bc

SHA256
5a55a379a412bee8e3ebea112af0e5ba3a7f45cd5672cb7ad97c54756641d9a6

SHA512
f75b276a9bdc29a9aa25b08d80c398f7d12cfa9df213176b32e49e23501d8511210c75ee23e33e61ec9319043bf8ed415cc7c9f38c3fa3a670e477109dd14347

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
af406510d3652ea027782ad2ebb161aa

SHA1
ce475bf22ecc40d2b33e2d11f0b4310743cf5a7d

SHA256
1b54150640e759898019c82cf0f0b73df9544bb90d4a8e5a5c8132d638c53256

SHA512
bcf3a4a31fcdc93286bfa41c37fe12592ac9f50579c35458d3801c754061441a43c2c12dfc568a7f297ab233de6ab042307d2c3e5e5f93b136d60ee513089c8b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads