6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
Size

75KB
MD5

01e047e571b14284314119b6bd972397
SHA1

8f5810e18bd118fa16810d50e0e206def42313af
SHA256

6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14
SHA512

474f375341702975bc9409ce856e3593f604baa6bb2570d6fc33ba7e066d502b8e4d05ab12feb715869addee69427745568ebd7e622ba3b0f4c0f6bbcc33accb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Ppe:6e7WpMaxeb0CYJ97lEYNR73e+eKZA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3689) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif.tmp	6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe

C:\Users\Admin\AppData\Local\Temp\6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe
"C:\Users\Admin\AppData\Local\Temp\6ad31d4dd8e8ea567aa6aeb8ccedc1f142510f3a7cd62e107e69a2785352ee14.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
75KB

MD5
dd1077e18165bd0178bd52910a595f4b

SHA1
e324aea367e48d29f3194535ef648f2d44db48d1

SHA256
6c983420977b22069709621b33d431981d1314db124e155627581a65699536b7

SHA512
800ebbeb332c2d0b20558fe61cb5ae94e0fb9dd2e85a33f2a34ca1e68ee00df26c4244ea493bbdc0267c5709535a3f2396de970b864041db7f65c79e29a32fca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
e148f41bbfbd35959cc076ce2af2a8aa

SHA1
bc03b717d8393b3e201b50805369297dde2b1539

SHA256
bba9fa1a0af5791532cc2161d3c42c31a9e73ef91be45872c10a712ff416bab8

SHA512
6d3735769d0a78a9df59cfc98b67e55dc3f18d76b40e31919e4bd76722c565eab2828c3f8fd420db14bf4dd6b7f23068fa92453312961a1184213c366b9a3ae6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads