380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
Size

86KB
MD5

590a5fbcce789d6e66505c7fb10846c3
SHA1

3a2c5952a8c173660405a8f575aa89d631c6d719
SHA256

380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6
SHA512

8bfe0b0921728bd2f2ce4c4f9a8f924c4948d8863f086af9f18d5ce832eea15eb5928d0e2e9fcaa735d710814a3cb5dfb936bf9766436db4260183fa58400f31
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/I:6e7WpMaxeb0CYJ97lEYNR73e+eKZI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3699) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\settings.js.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\currency.html.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\cpu.css.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\MTEXTRA.TTF.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe

C:\Users\Admin\AppData\Local\Temp\380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe
"C:\Users\Admin\AppData\Local\Temp\380177f8e0dcbb45261a5660b91de29e0705e1332c2d9f593c7b42653c3bfac6.exe"
1⤵
- Drops file in Program Files directory
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
86KB

MD5
ee7a3164e7b97f699504d98d39855877

SHA1
88c7fa7c5ea905a1e641aa3148fe28c297ea6c9b

SHA256
7bcc31e24ae4688fdb91165401847776041a2c8aa33f47e3ff1fdb02f0c0411c

SHA512
0279be29dafb84e46510adfe575fae0ca3a6f8f87c5f3d43ac92755e68bc8d218bdab87fcccae58a170f2c0f243a267f45e5286bdefdcdef46d227b409c98a96

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
516d3df57363bc61d96cb9a32bf23e71

SHA1
1458ad48794d4d3d99301b1bf71088363b2fb994

SHA256
190f9903abbd0bb6b0537fb563d47af8d53430eb637c9d2924a773f9b554b037

SHA512
e0227b6da87ddb09bc3a37723b9173db8856b1ff00563f1ee404239a3079bdc071fdc481da766efb4fd8b379a825e4419f5f9d252ffe45e2303eeb972f092e3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads