96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f

General

Target

96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
Size

82KB
MD5

7fd4fad2f6951e9555b2d98f99ba3a2b
SHA1

10e652aa37325acb177fbccbf8ae5ad678a22d17
SHA256

96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f
SHA512

b43516a7309ee026c71e934837585475e3d9e0ea3285a57c5eda44e4e1ff5f6cb137bdfc060f0a5f64ee18081b60645913c546a4a4022732a30bf9d8c3217b68
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhb:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3499) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DebugTest.reg.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\RSSFeeds.js.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe

C:\Users\Admin\AppData\Local\Temp\96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe
"C:\Users\Admin\AppData\Local\Temp\96cef3eb22591f058da209ffe2fee6e416ba8d0e3f4c8e14bacbd0a35df4a99f.exe"
1⤵
- Drops file in Program Files directory
PID:1044

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
83KB

MD5
707572800f78573fae1525e31620271f

SHA1
7a7b1da447f542ff86942256dc52f52ec48804ca

SHA256
2442d7e0db63893bc079abd5bfabee5661242d3b6f0af31dfb399a919298f6f7

SHA512
4e1607a0ed8b79b31f1064a0a970c7a735f3298e79363f19fdf802672ab43bad7627adc82d1babb831f91b6ebf9b7f2b0de6d991755e14ec0e22c4f3a03cd29b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
92KB

MD5
feb867c2f330645ce757836cdc54f74f

SHA1
f37811cb86b35bdd95b414349b1bad065c5ae917

SHA256
750270af11b7fc4602e04feacd512a2e4bc9c2dfc10407f6f962935acffb0184

SHA512
c16893054404ee292028c80224f7d4290f5ff4cbfb06d0913dd374e710abc4e445bff83582c1534b89f951bda249b813a5be76e4f94df448d5363db9b539f043

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads