341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
Size

73KB
MD5

bc578454e0ef89009e2c6eb1fe7c0e30
SHA1

6ff8fceea166eac21a70c54b464b6ad596a69296
SHA256

341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6
SHA512

6aae0a761362906162935f8147c7866ff66ed4aa965fb52c17fda145712ba3dee655a941780523bdb930ea13576d6df4ce3ccfaf1027481dd782d47382888792
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJs:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfF9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3528) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\settings.css.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe

C:\Users\Admin\AppData\Local\Temp\341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe
"C:\Users\Admin\AppData\Local\Temp\341c736ce520dbba00ed57eaceeddc82c48a0f76096ffca1d7aec51296dd86e6.exe"
1⤵
- Drops file in Program Files directory
PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
73KB

MD5
4597c3e50fc8d87ec6c1a328cd9119c7

SHA1
b6a01d23cc0bbbc88f99adb05eed6c57110d330e

SHA256
0efc54b1997dddb336bbfb2f71a75d67ae045e845ae4be7423c00e1a927a70f1

SHA512
ccc9b72c12065bfcba07d3419c5242b75f32dc8b55688f6179053ab7d44bac6b53d2d3b391989f209087000b01221e1b94424f3565c97e3e2ed9e9d5943e0b5b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
d3afeb2462774174f88f3a62af4a85c3

SHA1
c67a8f825dd9a4a3ab2b53ad2aa2aeeae6895995

SHA256
f13e86e7090475b221d31aee30db5a32011a486103e8ec77d3a95b6c03a7e100

SHA512
096e2e074979e49c3bdd4fe170cf1a347b7ac10175a1d96f8e0cb22c945b18b13163c9cd928a2be3ef41c0ee8ee8dd26dcbd14513a9d058729e922d778751ecb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads