6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
Size

297KB
MD5

f798d619916a331f47a820e162bb5041
SHA1

85da23937901f6ec0d637227e1adf00598b8da03
SHA256

6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa
SHA512

5c4747dc64a5a29fc26d5e82612451056660aa2a98147ca23a9d5b1770dd43176db6fe84adb8697f9369bae9ec836854d34a14daf1089264186051d9e98dc9a4
SSDEEP

6144:RqKvb0CYJ973e+eKZ56itOImvjngu7/BRXF8z/LYIXiY2+8AFM:vvbxYX7Z56OOrvLLe7LYIXiY2+zFM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2846) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe

C:\Users\Admin\AppData\Local\Temp\6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe
"C:\Users\Admin\AppData\Local\Temp\6622c17a7fedec104437121645388fa72586a7f158022c6ffe0bbf5e9f0071fa.exe"
1⤵
- Drops file in Program Files directory
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
297KB

MD5
9776bba640c3a587a8c8233161457d55

SHA1
3cd9d974bca410f3ab301a037d91cdf4556888e8

SHA256
05f37ebbfc259315340d6d74c8ff41fc8af42470027e862212d83a14bdfe3ba1

SHA512
7553bce053c0cf5c6e9d29bcd04ade5908650bea7a5133bb6c825e5d5af1825186687f716749103e8dbdd55530a8e2fa5074de3978102ef1d6fe48dc0176a3d7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
306KB

MD5
71f5818f60d9cafe87bda63f39cb8ea2

SHA1
2dd4cab97b456a93f8fd2397da0dd95741e1d251

SHA256
9794af2fe987d8bad6bef626a53ffa9d286b5b3ce893386d6e2fd70a9815fe1a

SHA512
1d81d694858025261f2fcaef8cb537604e54cd3072990f125b96fc3e770addbe1b3811e3ce746e6d54f8f41fa36fb130a63e5e4ac89978a89405e0698cb918c4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads