af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
Size

73KB
MD5

2520ba8deefc5ef4e594508672b52b8c
SHA1

77381c37b2335f0a0bb55dd97c2954c2def348d4
SHA256

af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612
SHA512

a15f7731b0b18d922e2715207e5f452e6f07772c99e706a8ae56b633989757e699cdf76cccb2a57668c33613ee63ab42185f4dc3578b2896e183bba23cdf1849
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReD:W7ZDpApYbWj2WTWJe+e/qe

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3483) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe

C:\Users\Admin\AppData\Local\Temp\af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
"C:\Users\Admin\AppData\Local\Temp\af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe"
1⤵
- Drops file in Program Files directory
PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
73KB

MD5
c64365af9463ccf93f344de0833509e9

SHA1
060bb3bec273b83a3efcdbce056f3a278016259e

SHA256
72c977c007ca14bc628bb4de16907da8387bf32d5e43df4cbec306451e859c89

SHA512
0dd245d61d1cc573a1ce0bd5548c5cf1c6bd10b51d6b69ec069f8f5a0a918d95925f5f1d5fe38a6a2fe5c9cd11dc60b717e0d40b4a09568e0cf70bc173d8c285

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
b25536e0fe079b035172c27d30813e3d

SHA1
4899899a9dc88eb1256bedf52255f6034949bb2e

SHA256
2060bb076feef2b714612ab29f102cbc9afe5022c38a3aaadb036d234cea4563

SHA512
6bdb40137babb766d713f098d674f33e9a344f6ea10569c1fda4a315f50b40a5bd16d0f128ff6c23b0982bbefa6bfa22ebb511ce29d71417d8cd14525916a77c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads