Analysis
max time kernel: 149s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 31-05-2024 23:38
Static task: static1
Behavioral task: behavioral1
  Sample: 7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
  Resource: win10v2004-20240508-en
General
Target: 7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe
Size: 81KB
MD5: 5ed17b7fe5276db4b32a8c920d8d0ecf
SHA1: df2747e278289f7d10998caf1fc32bd41a5bb701
SHA256: 7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322
SHA512: b91d473614045a9ba9c62bfca9488f5116498265e687556fd8ccafaa15a72cc5b09b8e7174686829fc7e03f916f5ad064eea5551d9baf5a69eee7b6bfd067023
SSDEEP: 1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/YMO:6e7WpMaxeb0CYJ97lEYNR73e+eKZI
Malware Config
Signatures
Renames multiple (3459) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)
description: File created (all 64 entries below)
Process: 7bf9445ea30775be9d8095b65fc6bca4cdaafadcd04139a1f849f949b3e28322.exe (all 64 entries below)
ioc:
C:\Program Files\CloseImport.mp3.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp
C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp
C:\Program Files\Internet Explorer\jsdbgui.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp
C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp
C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp
C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp
C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp
C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp
C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp
C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp
C:\Program Files\Mozilla Firefox\mozglue.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp
C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp
C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp
C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp
C:\Program Files\Java\jre7\lib\security\cacerts.tmp
C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 81KB
MD5: 2986f807be33116e844f0f4836f030a2
SHA1: f940c8aacb31a707f9b779b05db063ee9cabe6cb
SHA256: 8f7d02c09357f9cf73beb9f64bfe098e1bc16bd8fc556df636fa4265a4453bd8
SHA512: 73bd74f8a74231e1448025c6308ad79d24d8225916c804ff77759a60af53f663f677d002fef97905dd29ef896af92c5b22d5323cf283369c66614405e274fe9f

Filesize: 90KB
MD5: 4137457db88df8769ecf7a470f089083
SHA1: 53af2e3cf6680a7e43e72be315213174d96292e4
SHA256: d15cee22f647a3630d39e6ce868dce3ddba5ac43791c5fcbb9d53636c4a38620
SHA512: 1ebb3ac442ab744892a3534d6e3cfc33eedeb3455ab297f038d5bb2732389e03b0514e13e94fc9f28221bd5a48f9271c4131a73175c04b1aaf6726854a706c48