8e93f6ae1cc0427a52acf313f96c422f6889419ffc60a179929ced1d65ae3194

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7612665a1e20d4c0fb4564413f87363.exe
Size

126KB
MD5

b7612665a1e20d4c0fb4564413f87363
SHA1

adc61816e8268c1ed73b91c032214cc706564971
SHA256

8e93f6ae1cc0427a52acf313f96c422f6889419ffc60a179929ced1d65ae3194
SHA512

ee04d19d2e71b1490ea2ecdda84e00960908f7545cc46d843eb665cc7cdc8b596f322d109d06cfb3d3d31c658612ca3fdfef81b9ccbbcd10e8fb4ee958c71910
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5VnD5:/7ZQpApUsKiX26B

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3448) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\settings.js.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	b7612665a1e20d4c0fb4564413f87363.exe

C:\Users\Admin\AppData\Local\Temp\b7612665a1e20d4c0fb4564413f87363.exe
"C:\Users\Admin\AppData\Local\Temp\b7612665a1e20d4c0fb4564413f87363.exe"
1⤵
- Drops file in Program Files directory
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
126KB

MD5
4ab7e4e4deb3c9c76bf18434712ea54b

SHA1
1cfd7f6e57a3dd8cebe2302cf31a94a03e4b57a2

SHA256
44b171e1377e20e863f5aedd1e4b7642689061486d4e4197a24e13469e0b7e3f

SHA512
53f62788654f89d520046c6bc827d3c7fd8d3784daeb081115f86b069513aabffbbc6c18d3b5eab0a8b84eec2dae0db7b0779332c21ebdb7dc989226bb712e2c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
135KB

MD5
cd227bfef125da2399668b2b05e812a4

SHA1
f2390e7ffc7c61e673f84e556c21d9a395eed38f

SHA256
efdb80a584d734816d2a13acb4bd43c057168da75d4e6101ac7f79a7fe3b3184

SHA512
395ad3c2d49964ed3f38bb3210e3301f366c58fa93b4ccfc234dc28e191bc1d3da7771a06e1b7379c2fb03e568c96637323e9b8d8d79cbaa6e1b3fbdbac3d2b0

Download Submit
memory/2156-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2156-652-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads