fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
Size

30KB
MD5

8cce8e156fb7b128ba7fcaa766a1db4a
SHA1

36f5433f88615b578614142a2fffd07e75a09de1
SHA256

fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1
SHA512

7c5d8a457d64253208693bb1891e9847bfafa577830b4537e82c79179982dbe47eace33774d2bd99f11af9ad23fb0cae7c5cc4df5b5b8de6fd8829359a3bfd37
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6GW3tl:GBt7Br5xjL9AgA71FbhvuNBN8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3755) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMC.exe.mui.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\JPEGIM32.FLT.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ahclient.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe

C:\Users\Admin\AppData\Local\Temp\fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe
"C:\Users\Admin\AppData\Local\Temp\fa1864ef0acea4e050147f9142d5a807dacfebd4f7db2b9ce5cf3e3779022bd1.exe"
1⤵
- Drops file in Program Files directory
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
31KB

MD5
eba88c902928ff6646c127b388e78ec4

SHA1
9de9343604f20bc9967798c9465ec044c5c258df

SHA256
22dfb686eff23c098f546c57e21cdd4c17d645123095599ace7fb4698b208572

SHA512
1871944ba2713489c8e14d388966816f6f301dd16100808c9e6341295ae9e46f0864264cee34be2b39e208fd208dd348d7161b971abe837ef98a1c8cc179118c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
40KB

MD5
3b4c6409f672f49de82c8d61da36930e

SHA1
4f9494785f23920b0daef20df5f6560ef0164f43

SHA256
8c47f5e8830a3bc4ca4e62d66d73a653a5731394b92a61870af1d578705384b0

SHA512
8b5a36e64cb90ff03f94591a414d5f11fbc5f5361688aff29c27af864ef4753986655307769712aa00e5a043bab996b4895e3119b7db053f68b4ed60d52c0bf2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads