42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 21:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
Size

66KB
MD5

1816cf3ba69e5b46bdf4cb4c4e2482e0
SHA1

e4cbe4163f5734681aca3eef63cc19906412c78a
SHA256

42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320
SHA512

5f969e2bd62de36f6b7f03cae0a182f7eac8c151faa95f90b6f9667b981363f057e7b13ae34a11c912b760e24be4285bceb194a331a3dc45c1d0c55a320e1378
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe1:W7ZDpApYbWj2WTWJe+e/qE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3701) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe

C:\Users\Admin\AppData\Local\Temp\42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe
"C:\Users\Admin\AppData\Local\Temp\42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320.exe"
1⤵
- Drops file in Program Files directory
PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
67KB

MD5
0739c1c123e9f7c8e68c8b056b5b4346

SHA1
c26efe82edc94c2442afd38a4430653f96e6f770

SHA256
832e901e80953e62166a60719c4dc4f72b2f8dec4d78d56b5c2907b13337a120

SHA512
9549d7ff45f647aa2f721eb8a0835c85715550bd3c2d19f5c2d90b89ddc9ea5b3e2ef276b050677516c815981acd8cf58f3e30bf700eb89d1b380371e6da83b1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
76KB

MD5
30967688a18ae09b44b837c24a71f22a

SHA1
d4566b1cb8dbfccff6deaf756366ce5f7f59abd0

SHA256
ea86a9e39dc204fde94d11279d42475c3501796e9fb765b5eee285784286e532

SHA512
653f70f94328a75891e1a7695940aa3790722b4b05a9884bfb1e5b92a6194602abd9bb0eb8372c86809b5083fa939c6965630589e6d71109b563772a3fb4a9eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads