04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a

General

Target

04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
Size

80KB
MD5

0dc94aef173faef65c335c6154dc61a0
SHA1

3488b1b018937b143c6d4545d6a0fd00803626b1
SHA256

04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a
SHA512

aede2a8c9ba752a2cdb33944927abbe7c91bac2595845dcabca2fa3b5ec0dc66dc5c6eded8d930351e86f0f0ce0fab002b7b27c88bbf299b2468914698575b3a
SSDEEP

384:GBt7Br5xjL9AgA71FbhvoBl8sO4UbXSR2sO4UbXSRj:W7BlpppARFbhx34Ubb34Ubw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3527) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe

C:\Users\Admin\AppData\Local\Temp\04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe
"C:\Users\Admin\AppData\Local\Temp\04dc31e2d3191d41f4f2dcda8e4783c92847f931eba3b7cb02015b065b3e077a.exe"
1⤵
- Drops file in Program Files directory
PID:3008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
81KB

MD5
d0ce0c51c41725edcf9df451d24ecddf

SHA1
770229362e4a1f232a1fb4af0996423f3dcedac0

SHA256
b6093a994cfa7580582e09730bb4187f8cb46796455e21c321599dcc0c38bc29

SHA512
855f6fe4116121c7e6898e52a31dab395965cdc5a2966b8cbd3cfd42de0f0703a971e5c8fc71d55cf55ac62155f52562595c592d3fb4cdf0f03b9ded52813c5d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
90KB

MD5
b1e7ea503a2b40ae742402f6f11255f5

SHA1
db86de3c2244b4d46321edf8e0d2553c68dec98f

SHA256
8fe7d1210bf7cbc46ca192ab73b596fd10523580382228d5e37b4826b21e0114

SHA512
82d04f21d2088c5d836e61dbe1b849a9aecbe8ab7b73302bedd60581f73bf835d5c27252f85a10cbb9e850a7c15f6020cf3cbca3cf829bd2f9ece080d2dfb5c6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads