cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 02:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
Size

74KB
MD5

5d9a765d32af14743c50cb91ba2ab765
SHA1

9c8b0b195511897887f08afd72c868bae012ec27
SHA256

cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44
SHA512

54818c3b63b6d67a049821f0cd4db34178af5cb3f5ad33a5f7646ce2f646090c48540f653a6b5a3ebddfcc47c1c23f6847d971ed5dbf30c9cb709dae20f1be35
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t8:6e7WpP9oVLQthbYY9oVLQthbUrt7t8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe

C:\Users\Admin\AppData\Local\Temp\cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe
"C:\Users\Admin\AppData\Local\Temp\cf2df3c545f9695f90482de6dd74a93cf9d3ed391ceec888d95a474b1effda44.exe"
1⤵
- Drops file in Program Files directory
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
75KB

MD5
3968989a80d425b3de6021771ac2e070

SHA1
c2fb516cb5f9d3ccea9078675cd1fa92ab0c4749

SHA256
4190eec98a257dd67f8e4d52531bb1275f747509898e4affbd1afdd10011aba3

SHA512
1bfabe59b5ee82b042a0400aea18a68f8ed79deef382fc33a4f0c7dbd9ee901baacc196140f9abc5affff89ab35845c76189664203a4b7e4bfe57ab20d8e87c0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
33d5c149709e64ea854c6fb42619b3fb

SHA1
f22f048e7986668aeee71d65e8b36cbcb7c5757c

SHA256
bb6c8e2eb3a6494ff696856cdb1c5715b90606ecdf17c837c3cdaf815d70650a

SHA512
1aec225f3dd7e3a4d563e89bdfb2164b886eecb9b0cac8494273fcb924048687e091727fa961938461eb034038d85d73d0a48a7a5b446f2595425c0ae68e06d6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads