99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
Size

95KB
MD5

71a60092e7047bee35936ea1ba10e301
SHA1

eeeaef1108f5b740c28c13a7c5b5ba48a23f73de
SHA256

99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f
SHA512

cd83aba8f5586ead94807ca73d493c032e21fbd0b0ed0860927f21cffd8edf4f733e31f14dd785ff6c0065ea17fef1ef45849786bfeb40eb8d0818450e95891e
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Bx:6rWpcOPxPke+e3fFpsJOfFpsJbgED

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp	99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe

C:\Users\Admin\AppData\Local\Temp\99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe
"C:\Users\Admin\AppData\Local\Temp\99da5a514d643c20aa9e4c3f171f7714c063b896e1720220872b35ebe77c538f.exe"
1⤵
- Drops file in Program Files directory
PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
95KB

MD5
e91bb5e864c736d975a882a41af05159

SHA1
ec541924227c45517421192170079b3aa9a8c513

SHA256
51862991b6705b998f0d78a6c29cfb42a2ae4d4b3197412d5f00f9f45ee32c23

SHA512
511170340e7dac6ec7bf0e90b44c4699ae6cfd01519ba1a610905a23770df8c2854ec8117509356421c52067a3dddb5b0bfe1029fa52ab13488694aab1e2bd02

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
bf771329a4ce70ce000cbd2b6489ce00

SHA1
d8eea03a9b09f77a1e1d3f23803788b63b633d7f

SHA256
9de9703f051529e2456aabf376ed0820f8c746f8f5f9e076eca03bf748086aa8

SHA512
57fa44e195ee7279770c12f7639d5d1d592d349c8e4a39ee6e83b57b2c8e0fecc3795aad0ed0b8d7661722da78b8ad8e21f99e26b1d45abeb1b3e7cdf0e9a3fa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads