Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 18:28
Static task: static1
Behavioral task: behavioral1
Sample: 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe
Resource: win10v2004-20240508-en
General
Target: 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe
Size: 51KB
MD5: 2a18571074342b006896cd4cf77a5de6
SHA1: 42883816ee76f03341c9838bf40c0c887e515820
SHA256: 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb
SHA512: 5486068a63559d095aa67594a01823826fbb2953ee28b1e66aa303fd2feeb86059392f00369aecc2425bfd0a20014f77d6bc0a0ac409e15d9b15a7a15b158775
SSDEEP: 768:W7BlpNLpARFbhblkYlkuvIYFjKXPXnP6cB:W7ZNLpApCZuvIYhcB
Malware Config
Signatures
-
Renames multiple (3679) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads
-
Filesize: 51KB
MD5: 59872545ab41428ffe1de210c28c8852
SHA1: 8af36eb88165991d1c31fe56fb902d06478d60d5
SHA256: 45a7ec7cb0a2de0410e8699eb6da4fc2db6641a50529730a71d9964396a666a1
SHA512: 57b9d5ca04795fe9c96a0989c12bff4611481dec4d95eed87095b48cb4e045b785475c88ea3ccd9c61aa42ded7cf04c17dbd9a63632549e442b48f3a392064e1
-
Filesize: 60KB
MD5: 7b02424e7a96e38a1acb066c2aca6201
SHA1: c848d48bf65d9ae3c8f69e7b1ce1e33820372c20
SHA256: 72d57da3c0218bdedd7c2c6d2d32e6263d9d3b5a72ac4606bf5b28d83b314408
SHA512: 354b210a1a1147767523ab21d75cd9913f90bd0b5097d40999915d21ff28f33401b3b881a1f3fa279478d599e686198a158d6321a81954d9def643ff5fffcc65