becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
Size

137KB
MD5

3fa1d1251017f175b94555bca9cd3872
SHA1

e8c8194633f5e736ba07fbca99830a37c5483bf0
SHA256

becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28
SHA512

105e35507b3b2452eceb0b65a728a6704a1d8d0895536bf5abab98d96c42595c76020f4277822bab80cda16a00bab4a966e1696251c8378867c4cb88c7205af8
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOf:/7ZQpApUsKiXBvzwvzXJvlwJvlJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3390) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\UseUnpublish.WTV.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe

C:\Users\Admin\AppData\Local\Temp\becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe
"C:\Users\Admin\AppData\Local\Temp\becc70ef04ee703b9a24bdfed59ae46872381ad944b4c0c9961a28116dad7c28.exe"
1⤵
- Drops file in Program Files directory
PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
138KB

MD5
36b917b011e9ced564bc6de675190edc

SHA1
b55f877bb0af068167ce7d3cd850790639e6eb12

SHA256
6ae51b26b88bae1936973ba0b86c2375aab7e3506a9a7ed35b1c602ab9acfa4d

SHA512
52989d6f7145b4c68e3b424c737a1087d5af007c92727b8e2d2c8e4fdce52abe2373a4f034bde4fdf7f5502c1d83f26b94661da53549cd51308739c31f5e738e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
147KB

MD5
b72e5b0effe7147eccda5cb2e1006809

SHA1
3743b497babd46bcbed84a2a5e261d90b475d64b

SHA256
78ea212aca450f416d3d5488d79c8301b5fa2599cfde6a1fc23a521a3d129162

SHA512
0de10723821e610b78f8a9f8b2a1a94b7834a69dc89512ee2f7ea7813c1a104096a070b941b04a163cd49053748c876835cb1e3b7eb9b4664dc388ca40c9da32

Download Submit
memory/764-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/764-542-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads