964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
Size

75KB
MD5

9958c05d28e92d6b808bbedf2879335a
SHA1

ec6a7837cbccc18a40a7a5bf724b46f96782fcf9
SHA256

964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7
SHA512

781269252ecc59c0b96d04558f29b3a9dc8858f9f0b8ead725280114efa4e620472de6489ce9e53d402c735ae0ba829ea5d5c8264d07e7d30901dcec0d4486bb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/n:6e7WpMaxeb0CYJ97lEYNR73e+eKZn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3726) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\PICTIM32.FLT.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\micaut.dll.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe

C:\Users\Admin\AppData\Local\Temp\964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
"C:\Users\Admin\AppData\Local\Temp\964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe"
1⤵
- Drops file in Program Files directory
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
75KB

MD5
1eeda20f5c6a3663f1154c7cdbf4bb9d

SHA1
8c85c4e0ec49a22fe070d44a50c25310a65f78ed

SHA256
bb0af6742ebe1a23ef2ab972d96ad6dd8ea1b505a2523897df85775d1c624940

SHA512
0d413fe5448ccc29ab68d10474c556c87a399fbc57e5a765c56f199da774ef2715ead5faa66184b6d420a039977c1b4abc1c0f87fcac1976c75ec9c4d43a9495

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
8c984937e92be6ae8b021a0aab2a579f

SHA1
fa76689bfb8a5b9d7dec8f256fb997ead4da94ba

SHA256
377ef2acc40187516aac8f71da353dfc5834dd8845286b970a133a2ed9ec472f

SHA512
5c588c72e0080e6fb626b1ead6c8ddc6d2000d8b7465bdd8ee490441d3c51779efb5120fa0c74fa9c3fd96eb4bfcac94ec6c3bb56d0755d01621b7dc8d505cfd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads