d69fff9a198692bc047c4044034daa138355ed3f149c571d54880a1f2ec5f67d

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89177936cb80c614d3aa96952ec6798f.exe
Size

115KB
MD5

89177936cb80c614d3aa96952ec6798f
SHA1

ea208891a7bcdcb23b2731bd1f96073b55a9c0f6
SHA256

d69fff9a198692bc047c4044034daa138355ed3f149c571d54880a1f2ec5f67d
SHA512

5c563322a1389291d334b7fe8e49d002ac6af8bea764a5fbf26a23faef1755062eed33b2f460de805f58b48650fe7d09a08d4bae26d7fcd437a6a17c5f516025
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz6:RqlIyFESWu0SWuGSO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3466) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Windows Journal\fr-FR\PDIALOG.exe.mui.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	89177936cb80c614d3aa96952ec6798f.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	89177936cb80c614d3aa96952ec6798f.exe

C:\Users\Admin\AppData\Local\Temp\89177936cb80c614d3aa96952ec6798f.exe
"C:\Users\Admin\AppData\Local\Temp\89177936cb80c614d3aa96952ec6798f.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
116KB

MD5
c73dc79142ff22dc29e5b6488b74a11f

SHA1
51d3ab59a10c9899a59923a50e46e70fcf69b0c3

SHA256
73faf64419c02bf915d3f4e10d6c1ad30a6986d16349bf098c1f97a6f7365898

SHA512
675260eabe0f133d288ae8041f4c749c497ab40e0d95736e49d3b9c627bf9b6c19cab391db5d8ba4f7599d0eea3eeded4cb54d67a028112a9a771099cb70aece

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
124KB

MD5
ad8eee9cf859121d665cda18aac4ec4c

SHA1
727f58d20965dc80758abb4731b0ec221fb88e08

SHA256
366944a1e6f56c6687c1f0f396b9c4c30695962f223c61863f0355fe5439003e

SHA512
ad8bb212f2f0c19425fc7848ee4b174cd8ed099188760f6edcdb99247747c1973e9d1f979966f695f804f3ec799ab1083e6794941a7f764fcf6a5a9c6a9f7a2b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads