fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
Size

117KB
MD5

c6d30244c6fb68464fd8270ca1721169
SHA1

cce719c7ee3b1dceca949780c36e06fbec3742ec
SHA256

fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c
SHA512

edfa353995be2b6de0f89b114490dabada64b951d1948ab42fc2dede2f659173748cdbe2987dfec7151ad23e8a3eecee25da11a046a5ffb7022da2ade98e57bb
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJO/:W7ZQpApjIWe+eoO6O2lpiMZiMXB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe

C:\Users\Admin\AppData\Local\Temp\fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe
"C:\Users\Admin\AppData\Local\Temp\fb8a613403f167633511a3b571c4d55b4d52e4d6f87d2dcb92236037c087963c.exe"
1⤵
- Drops file in Program Files directory
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
117KB

MD5
d04db0c3a2fde064639fc942b18dd578

SHA1
0b370d7ca29cea13fe0d9491ba063f60f8f3fd20

SHA256
ee7a6e2f8020098d2286be938fbddb02ceac71c964a6cad5ea91f6c65143d206

SHA512
4dabc296685124f35c3b8f675103b3bc002cf7fcb28d4d218350d2f187fb3535eb894a283473fdecb359df50f4ba261aeee3b4e2ef3a54db326959cb28883e12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
126KB

MD5
ca43699298de0ae2976b4ec19b6a275e

SHA1
8abbc6549916c2b710c464ca5145b907bd4f86aa

SHA256
5010cb99a1768afc6a51a619a7489a65113e6b472bcf7f38dd7dfc4628273890

SHA512
4406cbb71270449838ff6d4dd8f0158ede07d3ed9c7abbd4e9058e0b66fc2d8631fef91ccacd9fb41c2f4ec71fa846de9f02ea48c9e64f3762898848d44171c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads