962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
Size

71KB
MD5

6be6bf2dc23ac019f825c0a75d564dd5
SHA1

a75a5804f5e28fbb18cac3fa3858d6a5c7d82a1f
SHA256

962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32
SHA512

7369deec6e7c96304d59d7d085424b67c3c147b5fceea1d5ea719832c5d52234dc00d20bd1d00614fa1baac9e81b4c2505caf776d04c8cb1b7fd53b1baa37505
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReu:W7ZDpApYbWj2WTWJe+e/qnvf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3789) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Thawte Root Certificate.cer.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe

C:\Users\Admin\AppData\Local\Temp\962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe
"C:\Users\Admin\AppData\Local\Temp\962cf9a3db399793419de58f69b37d88b404b24794c1807810c4510b71be1e32.exe"
1⤵
- Drops file in Program Files directory
PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
71KB

MD5
d91229aa941381699a7ffc79373ec552

SHA1
535de0a1c151b73f7e7cea8b9d6af76571393a09

SHA256
2ff5121c9aa0d605dd4120b0ec8802b6f325e5e429e1665d57e676334e036de7

SHA512
7287932601eda147779cadf7edea74ce17b87e4c0b27ff5dd0f32007c95b712d5bb9a8b8e43a7332ad3f382b6434b0b302a0e28bf129fe619472f27489da9494

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
73f9620a916387c8c6f3c38be3d028ae

SHA1
d9f3c5f8eb40b86934ee325f485fb94f363794d5

SHA256
cd29936ca4d16929561908353e7dea0f95c56b695fbb473d2b7e9835a6cfc559

SHA512
b1f3b47ee30318e50e0d3ddda6fc1f4d20fea2bd01581479dbcf3645da886dbe5aedbd8e094151441b6aed76264a2afda934be589bb7ebdfb892d32be24074e3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads