261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
Size

34KB
MD5

5f6073796b8dfa56724f0eeb8f1e36dc
SHA1

c827cbf0f0e006f217a8c9e215ce45cc0f6ffe91
SHA256

261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4
SHA512

16685fbc2fe15e5fa837c8fb4a8c0f68330c500556c87d8c94e3e5f96dae12bebd0d2fe605604f96ed96273b3f8271657562971674a3e6e540bca11696b376f6
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN9HEA/8gGHEA/8gY:W7BlpppARFbhlAZAk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4085) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\PHONE.XML.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe

C:\Users\Admin\AppData\Local\Temp\261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe
"C:\Users\Admin\AppData\Local\Temp\261c3e36e9ad0844b3c4421588156e97c9bf3c5d8869706122f48028ed814cd4.exe"
1⤵
- Drops file in Program Files directory
PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
34KB

MD5
0dde19c6c9adea777801fe42f194d387

SHA1
512b6fea15b62c2a0946cdca9397f3bae7c9922f

SHA256
a64658b54f14982f560ac467b65fb625844309024cea61a89dea80a40ce2b2fe

SHA512
ccd4b3e5f6112ff077918b61ac427c90d4435694ff9177feb9fe2da6725c54f9eeec8146e9b477219970c0bb64c17cd7def516df06ac1cba5990a0dafd21d440

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
43KB

MD5
41302b065f5ddef21e0aa6b7cee5ab34

SHA1
5f5dd1e9d8b221247ce2bb9e25f8640eb6ab28aa

SHA256
0f71f4deb5190665e260a1c9b48ac693d2cd8d3c83fac1abf35cd5be1ac43988

SHA512
572db908169621b4549f026991133397576dca70f4080f30cb465ddebd55b50d442124df5249e6c090f465a188ccb0b58eb19b64f92d72889a45e310a9e6b34b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads