b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 01:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
Size

80KB
MD5

8ed30645b43e2eea6aa96ac54ad2b140
SHA1

0199a7a13ebdd06eea63ee03e7aa6c36fb8f38da
SHA256

b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759
SHA512

cf97426e00d618727f14d56e266641ba72d30b27f5b53340742e2a492647811ee7ea7c714acf2a547a5b57e53e456bf8baef3261b4b5f6c0afe6acee7abcf51b
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDX:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\settings.js.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.tmp	b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe

C:\Users\Admin\AppData\Local\Temp\b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe
"C:\Users\Admin\AppData\Local\Temp\b341eb6b2a15ef55e9bdfe2148f1541b79b4022816024cace1d93fe77d617759.exe"
1⤵
- Drops file in Program Files directory
PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
80KB

MD5
9351e0f829eadeb046c5944c2a77b730

SHA1
50ae4ae027062c9b49eccd7517e41e42a269d210

SHA256
7c5ef235cde928676a3d10da0dfdf358f22b038a72c6626ba8e79010caa14dc7

SHA512
d29b03fb7e1ffcda1295ce32a599f16c0c836f28a1c5101f3e5371391c0f32ec1d7453f77311c14585307031fae99fab5d603af0ab564e4b85ed9ebd8cb8d8da

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
a3d165ce51e4a74f8f5351b4cb014a3f

SHA1
02e0e997141a58334e67135d76cb634fe669b9b5

SHA256
6e58b9b6099ab75a99850f44fe823dd9ecef1a2c879c4c440f7b555a7b07f413

SHA512
bf99279af1ce62549e598a6e002c10ebd51be37d63dd634a6092643ecf6659900a1476bcfcb7d5782e3eacd4416c3104c3bbae7270ae444ef34e59886245e50f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads