f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
Size

112KB
MD5

1f2e71fc8ab7178960d3e6c4553e58c6
SHA1

01abfee3a2ee3f3c4a2fff9464cf859bfd0411f5
SHA256

f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917
SHA512

92ad961175a10c570af800795f50b199f7e2eb9d28f945a62763683a3f23ee985a0b9e6dfdb4a4cc9a41ec6d2a0f64dd9095e750bc0d5d9b4cc284a88e453cde
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5KcMcoYJIJDYJIJ1wq3FGfQsblBOi1xAfQB:W7ZQpApjIKTie+e3wqUJvlwJvlQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\RevokeOpen.odt.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe

C:\Users\Admin\AppData\Local\Temp\f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe
"C:\Users\Admin\AppData\Local\Temp\f476775367ffc9e42f959f9eef3131aab3d12691e0943392e4a96516c52c5917.exe"
1⤵
- Drops file in Program Files directory
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
112KB

MD5
49b16edb19ac4ee770775dcf9485a5d4

SHA1
bdc680a45fcf8b3a933addde1de4b3e26b6afd0b

SHA256
ed8faee64e149086d19c62fe2373149e18ba9c331be3913aa588e34e571441aa

SHA512
d1a61ea6f1470aa751f4ce10de475ff4a5fa2aaa9a7ec727cd8d086ba5ea35c25ebe2dd65f4a2b6cc722b1e2ab76b7974679ebcd027e7dcef3590990ea6df22f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
121KB

MD5
bba9f3a904eee50b80c416dfdb1ad3e2

SHA1
f60af4b75f03b6563075a6dd0761892d01d2adf0

SHA256
1571e5fc5e6f2037425c7def6cd4ab86125ed096391bf6b4ecceb8bb7eb91683

SHA512
8af9f8d2c2a329d2ac445737e47d9403171e0f71ec7937ce7ccf60e9c29aab7a4f35b5040e169e3a697fa25f3c1ed0ef404322753f8ef16b5cdd13e38ba53a89

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads