2e7d5ff3cf98e90c83b255d87e126d87f37173fc44979710668a60fa8c2c8f00

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_f5654bbacf313c8c46c05627b6711520.exe
Size

96KB
MD5

f5654bbacf313c8c46c05627b6711520
SHA1

3eb761b480e641228249b302f4d247ae84925065
SHA256

2e7d5ff3cf98e90c83b255d87e126d87f37173fc44979710668a60fa8c2c8f00
SHA512

d75754c4310e0e4374a093f09e2ad39672d9c8de6bf904d8a7199e0d74e34de8bc721b40b0964b8151f36b72cb14f0389985bf97d372d3646dfeddc178a41705
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/8Ab:6e7WpMaxeb0CYJ97lEYNR73e+eKZV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	virussign.com_f5654bbacf313c8c46c05627b6711520.exe

C:\Users\Admin\AppData\Local\Temp\virussign.com_f5654bbacf313c8c46c05627b6711520.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_f5654bbacf313c8c46c05627b6711520.exe"
1⤵
- Drops file in Program Files directory
PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
96KB

MD5
a2f798a1358c3134b3bb56020d6cf7aa

SHA1
6ee2ca67eb2d529351c349d88de6dabd72190107

SHA256
a8c3a88b3d56412829d3217d99c00030cee5425c387e69c72384f1e73b99b0db

SHA512
c3ec10466f79f588b35bc9d8252b204bc6da9da91e71973a845fb67f032d497299c0d8e8a8f6e262ec824acbd7af044b32002ac20d306a0a2093262b3dcc2728

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
dd5c8010820d0076da68a83c71aeb5fa

SHA1
cc187238855c79e29c63c07def7ff047301701aa

SHA256
b0999488bd2c7adf11966c18aa2c73b3ce6f924a69165385405382ca817190fd

SHA512
5d41a3d371ccf855bba9693bc1a1a9bc0120f62d074895b21c4b32bb3c7090e8a1911e96bfba755bf2086eea1219b2272453d9082f5c797a38fe7d3868ae38be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads