de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 04:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
Size

76KB
MD5

e9fb2e47384c89ebfd42ab50b0fb110f
SHA1

fc42fab7471d97cdfb6c9fe681ae855eea29bb73
SHA256

de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8
SHA512

ffd0254d8482e1142863d638367b4a2e442dcd56b1bbf43dc668471edf80469fca36bd47982cf644c001684f2e389fabe5695ff974161ee551cac37ebfe1bdde
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tUyCUyCJ:6e7WpP9oVLQthbYY9oVLQthbUrt7t44J

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\DismountConfirm.vstm.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMC.exe.mui.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe

C:\Users\Admin\AppData\Local\Temp\de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe
"C:\Users\Admin\AppData\Local\Temp\de778f179eca5e3267e01403dc2eeef87a0d9aadfcdb6a1750b13e0fb508f6b8.exe"
1⤵
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
77KB

MD5
5d96dfa162d48653a9909e0897dacec2

SHA1
173b0545bc8194eeed1f7818ba64549f61ba1cb9

SHA256
6a4d2c8ed14dbb8441a1202c6059fe34ae8ec74d0a361b50a775619d6f88f18c

SHA512
180baf1990e5066b456f2e611bb1a031b13f2d0459660ed75a6c020e800ee30cef1f212df657278728f2d94c190201ddf537016e4a74db8e7bc20252ba7b9abb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
c8010408e745dfbf57e5f6ca9f4eeb5b

SHA1
f3b88e6506227fcc9f81b5b941604273f449afa8

SHA256
230414e4cb1fe48284fc8785d9096c969cd10fddbf438c869be87856c2c77efe

SHA512
7ae32c38a4e78ff2db8ef1d477fdaaad07fda657e8fcdcf83eb940081b24aa307fb3846df020960fd8292f0537b560572eb7aa8c2bd7a4f7a64e842e13469f3d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads