277ad99ee278732db17f4a79156b8870c29b323b16f7a8b846f9513ae597b170

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_94108bf8801a2e696f0439d188c4d560.exe
Size

49KB
MD5

94108bf8801a2e696f0439d188c4d560
SHA1

7c96882806466870a8dae647a146ef0c1c2e27e4
SHA256

277ad99ee278732db17f4a79156b8870c29b323b16f7a8b846f9513ae597b170
SHA512

b47b2dfedea08cc2bc4d9a5ddfd43d4c01fce07e3e9d27c68022cec6f42a1f38c6d4bac10089474045f0b362c3f3737f3a199da7e689b14ff22924e171cc9094
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFKKXPXnPoKXPXnPu:W7ZNLpApCZuvIYy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3690) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\gadget.xml.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.tmp	virussign.com_94108bf8801a2e696f0439d188c4d560.exe

C:\Users\Admin\AppData\Local\Temp\virussign.com_94108bf8801a2e696f0439d188c4d560.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_94108bf8801a2e696f0439d188c4d560.exe"
1⤵
- Drops file in Program Files directory
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
49KB

MD5
964ce5c698fa1ea62cd84ddb34fb727b

SHA1
44e5bdef3d751ed5652756bd53d0778c602f8bf4

SHA256
5f78d538ab5e269ad06b1c37a6dec69ebce8dd604f727a3424e27732829eb436

SHA512
68fab07eb41341804e4e8a876842fcc1d0b7ee2b58f8dd7b73d7dff43f671d1baff00c3840dce798c08608a858050a219c191fcab556c11c10d1d47d69b6fa77

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
3ee68860f5b468f62eda22bd5c87c200

SHA1
70113c21de4550f2bbb3bc89c131b84a43fe4704

SHA256
7af1c2828d430cfde81194c29627a9ed696c53fde0c16266feed601fcc5e85db

SHA512
307ae24bd0798589278c7c5cd64a65a4acfe7054d444fb35fbf88a2fd6f4d5cb5619b75a6c17be0c6c8fa4d7d4b9b26742f40483e2d16932554145e305d8f621

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads