6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 22:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
Size

93KB
MD5

5c76b81105500848dbf22a25f921fa6d
SHA1

0991f7a89dd2dbadfdde4f1fdc1246c3d700d62b
SHA256

6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75
SHA512

c8ceca62f955900b71f1da5bb481930c9c29864792fff7ccaf6f81883c02d174f9bce694c6a735646d68f7a24399eeb787da271847e3cebcd79fd459959a4fc1
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+W:6rWpcOPxPke+e3fFpsJOfFpsJbgEODJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\StopCompress.tiff.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp	6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe

C:\Users\Admin\AppData\Local\Temp\6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe
"C:\Users\Admin\AppData\Local\Temp\6d0e4a264f20b286cc57299b495010878459deba511aac7ad2deb084368eaa75.exe"
1⤵
- Drops file in Program Files directory
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
93KB

MD5
624c9e94ef12cc7369348e01687b8482

SHA1
4adc0ed0e07fdf1b848fc03f766fa6b1c129eee8

SHA256
cffa8e2df7ed29cf8e6801a5310008bc001bfc166b78c7f87f819b3ef2b09235

SHA512
f9daaef7e8ef838e7ce7b784cb91041bad31ae878572276f7b0f51a4ed36f74b88fbc193daca3a6ccb94566b2f1ef58e10866db3f8aad0d4ca09684792219d57

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
e99e1afb75a7002bab35237752aed339

SHA1
54f16c81e958bac327e4e425e2b49b0377ea6e61

SHA256
6529a3c78a580bae271f7a541041e59499cab1006fad40485b754990eb10346d

SHA512
c5052a9cb1efbe066e8ae8db69d593e50a0b2ad5568b4f591190e01752b13c8234da086a762db6edb4fee00d1fea609df1530179f603e857cf531df70c404faa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads