fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
Size

80KB
MD5

093cdeb61d5107e65afec847a9f279f6
SHA1

95a3b620cf8cd7d02a10408de949f2b7264e4843
SHA256

fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d
SHA512

e44b7916f108021303fa5125a558684134baf84b48feff9d8153ec64227d5dc9896a738b8753e086a84c8bac26895eb2e33237966d754ccd9f07e66fdeb54dad
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2:6e7WpMaxeb0CYJ97lEYNR73e+eKZ2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3532) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\localizedStrings.js.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe

C:\Users\Admin\AppData\Local\Temp\fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe
"C:\Users\Admin\AppData\Local\Temp\fe476002c1764e6d9e438d28fd8eed4d39bba4bafef5826ac982957a41ffa35d.exe"
1⤵
- Drops file in Program Files directory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
80KB

MD5
cfedfb178cd147ad8138fd583f2eedf5

SHA1
6771296de1dba5f3a02752f229ea0398f1b0cb35

SHA256
e04a004858acaa68db89d90f302bff11fdf0667c77023c11b4522541a597c1b9

SHA512
819ebc6ddfaee8aca6e4c6832c72f56d8fec80086aaacbd199e2a65e68f70da3a86aab52a2cad2851217b89247c7a2459dc941b9a6c4cc2b715d9af91463f7fa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
754cc5568d5ca66d7f5853e62f58f330

SHA1
ed0d4ecd2f783f6b0ee7e90db0f5a7db2bcebaf7

SHA256
c795dc1a5dca8260c5beb9dec1c7cda15e3ec7f4ce29e55daf87f7e8e94114cd

SHA512
c10afd40af83c0e4212c7feec6d68e5aa1c52dc6ac7987b91064732e94aefb29a6307f8470ddd4315d8f79d7598a02358b75f77284f0031f79378f9295f8c6f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads