6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
Size

136KB
MD5

9694a2890fed569c1f3b6d57e490a947
SHA1

01a4b5269bb74fa681e6c5f4eeac3f544472b142
SHA256

6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db
SHA512

7118f9a4d56994f576e7455c9020468b50f01dbb184fec61f2399035fb95f59d3243c1a0deeb89d988c95fbc528570623245a6ca772b6797babf99f7f2e66ff7
SSDEEP

1536:/7ZQpApUsKiXBvzwvzXJvlwJvltbpKZKM:9QWpngTJdwJdtbpKZKM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\HideReset.xltx.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe

C:\Users\Admin\AppData\Local\Temp\6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe
"C:\Users\Admin\AppData\Local\Temp\6fd622ba90d2c715014dc9207df4bc04114b8b97f8a601f5b3532eb83c2238db.exe"
1⤵
- Drops file in Program Files directory
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
137KB

MD5
8192de0fe420bf8bbd3f0a841bf84701

SHA1
6d841686bccd88321b02f56d817a329d021a1e40

SHA256
d0aff30e8bd0cd95e225fbf77a13ca7e4e9d88b1cbe4ace01fffb88b4f610e5c

SHA512
6fb22cc9d1a7f8c2e4aed6f28be29fc67cdb872c5984945cde2114248067723bfbd2a7bbe1a86c23047d30036552514cdc2b38951d7da471373e27b234eb4c09

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
145KB

MD5
2e889e0f33110f70a220b62048f7d379

SHA1
9221b26b04f0ecfca3fab78d866ad77c540c4b51

SHA256
ab142d5931f58859de2b112730011ed48275af446b5131c3ffc40937f1ecac00

SHA512
1797fa5852c62a6a1b23b15af097c6f3c65192442f11d5718420f32e1c65e4ebc2a203818714d695d18c100aa2ea11efc2071a36e8953cbd823296c0a86b6536

Download Submit
memory/2004-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads