bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
Size

68KB
MD5

18f74d04b1dc13e0ea4282e0aa62073a
SHA1

b23ef97eaee6e53cae1311e21a7f3114d39a4586
SHA256

bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a
SHA512

63f6841d7c1679c31f88ca1a46125eae30d5d170cab241306901791820d240e4981985728346d92420923a0b6b054155478139a64b6c10d3d879f02e11814804
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3593) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Defender\MpClient.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe

C:\Users\Admin\AppData\Local\Temp\bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe
"C:\Users\Admin\AppData\Local\Temp\bc61e6dbf84818170c10d537369d5d9cca7a1342053739221f3bc4d0a569121a.exe"
1⤵
- Drops file in Program Files directory
PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
68KB

MD5
d1df639342502f44c2f1b5adb3826cc5

SHA1
365776fc09daa72a3410012aa1a6725ea0c94283

SHA256
34ab988ff67d5aa86d7e589105fb468be7b08063313ab12d8354e71f769a76b9

SHA512
8de7529993e783c7deb52e53c58e17e59fa53946b177ee786e6d330a6bdac91814710e459f498455fc06500e33e49b4ad6d005cbc481ca14c9bc43617f31addb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
8e44f89f808232af789414de81e59f02

SHA1
714a882699bf4d109048e6721e28bf82f8910410

SHA256
af37edadff0b7ed1c02c16b0acb6bf0cb12bd93b48cf5a8a383e8812385ceabd

SHA512
84fa2eede645a3b934e5773adcc085176c96dbe9156268aa0adf892ba85e29822a7b8643457193cc33933e793dc3ab258b73ebd61a00c6669ef40dd83ee83a54

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads