bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
Size

89KB
MD5

910dd736b566862c4fc1bc54f024766d
SHA1

0af5649ef306427243ddfcb0fc0a713f20286639
SHA256

bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08
SHA512

30db854306fbb4a81caf3eeb89cbefba174b47787c4da044b84f12ac5441158b149815f09812666e83faa5b25ea33b60a085eb721a2098bd8d01c926a4b7b6e8
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/DMQBw:6e7WpMaxeb0CYJ97lEYNR73e+eKZ/Bw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3462) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\MeasureShow.rar.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\library.js.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe

C:\Users\Admin\AppData\Local\Temp\bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe
"C:\Users\Admin\AppData\Local\Temp\bf2f870fea7934ada11ae0daf25b068d079c542efcac0b2c4890746fe5e62e08.exe"
1⤵
- Drops file in Program Files directory
PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
90KB

MD5
b8968af3d557e70a78866bf39a6ad92d

SHA1
371de9380ad6b4fbe29f21311b9559800d708a4d

SHA256
dfd79a5667eec026497377e33710a8858cf7be1d3d8e4f810782fd08f7e630c5

SHA512
718c1674b80f96816b30264ff6d8e3393f70c63e5a9168f672fadc797174ac2aabc21d0c775147d3c117565f2812f66ce0017f583cc1e64e03150cc64cc99085

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
f41f0a8b9b5fd7a81e0da691eaf354d0

SHA1
8dd50c1ae80318597dc53ec31aade0ca3ae3175c

SHA256
538adb5e549ffa4b44003a1d8afb15ce3d24e182f73871e79d72e5ea3ff41ad8

SHA512
d42bdeaf005035b1e393f547466e03d6f78d6e64e9c9d0a67dd5fd74d877637638361bfe903e2b3e1e38324e9f9c01b43e437cc6f6317ecead0ccfbadd4cb83d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads