0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
Size

46KB
MD5

22a1bd149d22282e397c93154c51af08
SHA1

f014263c10b40d037036fb78feb68a464b0169d8
SHA256

0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f
SHA512

992486ab613abc10dcd0642776a09ed34e885799d66a439e2ca785cbf18b3ad2a3188db5114ff2b1fafe635bf69cd8e5e0e7796b45e00a8d17d75ebc979ead40
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vh7m/FJHo7m/FJH8wf5Fi5Fc:yBs7Br5xjL8AgA71Fbhvhwfzizc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3771) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\MoveRename.vsdx.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe

C:\Users\Admin\AppData\Local\Temp\0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe
"C:\Users\Admin\AppData\Local\Temp\0175242a646cfce68d88680b82f51620d9ee7552157073340eeda61219c2213f.exe"
1⤵
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
46KB

MD5
4543386929e5269ce7e01bb85751d7b1

SHA1
73ef9539394d5f32047424966a54bb02f7d300af

SHA256
f569c9b06aea4c52f34d5133f77281861e7a066dc2ed8e7158614d68abad271f

SHA512
0aeabcde38c5c2731c2e17c355f0428cb9fb002ca4a69432e83b8687bd1df6e432b033e8fde4be7f117905d0fedea613928ad775e03e883b775d9a756e0d80ed

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
cc121da184584e62af6de010afe64fa5

SHA1
fb6d958c9f96124d4b2305026e92ddefc81948c9

SHA256
8e6db0e0826f0e6ca6b1ed0ce81022af95d3591465a005ed730ea7adc2612ad0

SHA512
0b73fee1760b1d4b135b6ef675d851ecd2aeb10ce549039a8c9454cd9668f69f49117118ab75669ec0534f3e3fedcaa541e814bb15ef61347584f32461cad6c0

Download Submit
memory/2020-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2020-662-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads