Analysis
max time kernel: 150s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 08/06/2024, 01:25

Static task: static1
Behavioral task: behavioral1
Sample: 1a3c6568eaac319a0c3f0527f2095860.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1a3c6568eaac319a0c3f0527f2095860.exe
Resource: win10v2004-20240426-en
General
Target: 1a3c6568eaac319a0c3f0527f2095860.exe
Size: 72KB
MD5: 1a3c6568eaac319a0c3f0527f2095860
SHA1: 3208e6766e67894a0feafbf96a0b138d58f50f0e
SHA256: e0e1b01f07c3bb5670683a2d7c73f28f0585834c3b2907b7b0498af762125783
SHA512: f658536cbccd556b25ab5c4dc30e0ce79057fc44cbb0b42033199bb9b861121dd3eff93e0ede47f801e6df64f029869ba4c0181cb4baccc92cbbd1590f2d088a
SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhh:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsA
Malware Config
Signatures
- Renames multiple (3690) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Mozilla Firefox\nss3.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\7-Zip\Lang\ext.txt.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\bin\awt.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\7-Zip\Lang\ga.txt.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\calendar.js.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\UseImport.xsl.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\settings.js.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\bin\verify.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Internet Explorer\msdbg2.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jre7\bin\jawt.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp | 1a3c6568eaac319a0c3f0527f2095860.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 72KB
  MD5: 78724dad9a56973e3d2aefd1922280f6
  SHA1: af4eccfaed429b2f1f338ef3ffbc87689d6e80a8
  SHA256: 3b60457dba74d5405f1deb476084153733652653bf35ae82366e9b08e085069b
  SHA512: 572c87004f5299d64a4a5e1100d709dfaa6cd2e6b1f343b936ed85321cc1532872c8e7397e4197235d2e53c9a31146416b2f9150bb4bcb0a03e097f1274479a9
- Filesize: 81KB
  MD5: 519b9da5513896afe6e9b652d76d8e72
  SHA1: ed15d0e9a2b09dd93faa1d425b3fba5ec5b15630
  SHA256: e24b53ae35437c7e4de9099a53fdd5c6f091ce887ca9233f9db10228a9d636de
  SHA512: 5bcac4ba3ac43a4b439501d74e576f9f05ca6fdd93c775157c58fe4e67861556db3d9c9d3ad8a28ffb9fe321e957e4e6d013cb2c9ca4e8a4c350854eff2ab7be