0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad

General

Target

0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
Size

86KB
MD5

32dda3397eb284ad1a33ed8dec9dcb1f
SHA1

726f02fd6a803918ca8464413bf2f387c40676f5
SHA256

0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad
SHA512

0c7103c58747ac271aac6f04906e4585d63f84cbdee3e076aa62afea693b6cff65cdd28343a67aa120ab08ba3d16a8933e40cdb1f4e2e2b71d38f3a7e2a5a15b
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vn:6e7WpMaxeb0CYJ97lEYNR73e+eKZ6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe

C:\Users\Admin\AppData\Local\Temp\0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe
"C:\Users\Admin\AppData\Local\Temp\0d4b61396b5417ba81ca160d3a18888faaa19f4d1c02af19ddb56e30281027ad.exe"
1⤵
- Drops file in Program Files directory
PID:1632

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
87KB

MD5
a201698629abc5f1c6edfc3469cb63f1

SHA1
198a126ddd2867336807a3aa43e91ec57937f452

SHA256
329986551a600af5c97461deff20dc15f2f4203d01f4a24e13db8d3ab1f71127

SHA512
0ac72178920240095cd6cd4250a86ec830d1129e304c5e61858e65fbc78f677603ce8abd1ebf86737bccbdfc00170408c68bcda81795ddaa908ba9c10263ef17

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
96KB

MD5
0ae4790e16c280439d5f2676a56fec31

SHA1
9e5a187b288ec9c65821b1c14bf6870999649878

SHA256
2e0f7e950696da3441572e6bdf76488ec18caad2f8c56214b0b575169eedb0d2

SHA512
a13fd94c7c69a32b58fbf4ccc4b0fe3fd7509c63a837558c5b7a003490438922d3bd46b3ab81ec2f86b65f43105c720629ebca214e629b03d1010f231ac9ffcd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads