d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
Size

102KB
MD5

771c1b2529a1af94846b930f1e7196c7
SHA1

eca38268babd90954a2a4b3329017685db5db36e
SHA256

d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9
SHA512

b870fde77892082b3a8f8c509f6cf7b1a4197676dff731172419c166c837d08877c5a5932c8968802406903c937ef4238233c643059b0a80ecaa0fb0d869eb97
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPq+6cuwuFOn:6rWpcOPxPke+e3fFpsJOfFpsJbgE73/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\SaveGroup.temp.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\localizedStrings.js.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMC.exe.mui.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe

C:\Users\Admin\AppData\Local\Temp\d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe
"C:\Users\Admin\AppData\Local\Temp\d3400b167eb7861aa23e520e4322aa76f654e06a969348ecad425541b3305eb9.exe"
1⤵
- Drops file in Program Files directory
PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
103KB

MD5
a7f39f352f99b50748281c6ddb908678

SHA1
0f96264d25ce39b5f6e7a6cfbbdc8aa6b378a9de

SHA256
0b7d5bf36498d6d60632e55fa5fa93608196d5e2987ccb8d89b5d834c0e77e10

SHA512
7480af1cf1bff5e0319ae3e53a138b566ce422954fa3eb90a4e6de7e8d111e31bb299ea4cd42abfb72f3fc972738f31f3ca1f155c9492a94f94927bf6378d3e6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
6eb5202ea634b432c65fbd8b01aa4c3d

SHA1
017cdb03f593cae53e88e04fda619d221e0f37cb

SHA256
1811b4336bf4ca434479f2460ca07995ca5ae615f2a4b7632167c1edcc2ee9c2

SHA512
988803fb92db613881a886e21c2c35d95053a6e056b4b467387231000289526b01ca6502c9892151b858bbdbec675070aac20ce8ada5a899e221d124a1806062

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads