aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
Size

71KB
MD5

5465dde4d1726d1b24c1c564370184bb
SHA1

4bef5f5136759ff932f4d04bb800a0a8ffff688a
SHA256

aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd
SHA512

065aa5598de1d14d090340446a2a9ace8eb4dfac8189a24f5161f33b5cebbe1a41906dcd7dd44978ff3298f506d8876f51ce495ebf65a5724fd4656e6cdf256b
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGAzEWzVNOx0ypIzIu73mYdE9aC3s9XL7EWzVNOd:69WpQEJAzEWzVNOx0ypIzIu73mYdE9dl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3705) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\readme.txt.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe

C:\Users\Admin\AppData\Local\Temp\aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe
"C:\Users\Admin\AppData\Local\Temp\aa6b0c7bc3b86044d083cc6962693ebdc0a360b22c4787b92ea2c17dec6dffbd.exe"
1⤵
- Drops file in Program Files directory
PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
71KB

MD5
4f17499a453a817dd8cc31e9c0dfd2c5

SHA1
7087444b422c74eed78c1b3fe923b820141fb708

SHA256
c60c21efcb1b456953534a57cf007627f8d158f3e09110c73c3facd33b27c083

SHA512
8fa4b661a8ee112af17ca2c59050b01fd3e8d01e2877ccd8e04d43e4141f5a8fe94503cfa436a14cb7a14fec0c4026b23213994fb1c4ffb24e24eb915de15fd9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
3e86d01456cac443bc7f0976ed2cbaef

SHA1
b19fd7c417f5cd1087269a9da40826126d7cfe30

SHA256
94663b5e51976b392c734df4b8570c8d0fb1dc99f6b3d227860b8198f40d2cfb

SHA512
6c6a226508a742ba72e07dc8b21561c2bdca2e096e686ff1d1ee5288d095a5256d31d0713e2c0664634a53f5f9222367716731cdaa72edfd82d95e07890eb090

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads