Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
08/06/2024, 01:54
Behavioral task
behavioral1
Sample
1ba50dcb10db9275f3e0825385943680.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1ba50dcb10db9275f3e0825385943680.exe
Resource
win10v2004-20240426-en
General
-
Target
1ba50dcb10db9275f3e0825385943680.exe
-
Size
116KB
-
MD5
1ba50dcb10db9275f3e0825385943680
-
SHA1
144a934a6cac107d2498c2c8df15478c80aecc00
-
SHA256
0c8b0a51a90659ff50855c4e4fbd5e99c9e8e253be2539bdb2023121d659f436
-
SHA512
378a1d70858ca4f15786d6044c260360d9dfcfaaab5e33be9d35b8cffb5f9ed3f037b7cb6303e5c201443ab447cdac4e96cb151f20f03d4e15f7dcdf6503b8e5
-
SSDEEP
1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfag4:hfAIuZAIuYSMjoqtMHfhfagPvY
Malware Config
Signatures
-
Renames multiple (3441) files with added filename extension
Mass renaming of files with a new extension appended is the file-system footprint of ransomware encrypting every file it can reach. The Program Files IoCs below show the same pattern: each created file keeps the original filename with .tmp appended (e.g. sunec.dll.tmp, vlc.mo.tmp), across Java, VLC, Chrome, 7-Zip and Windows component directories, so the activity is not confined to user documents.
-
YARA rule match: upx (packer signature) on the main image in memory and on two dropped files
resource | yara_rule
behavioral1/memory/2232-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
behavioral1/files/0x000f00000001214d-2.dat | upx
behavioral1/files/0x00020000000104db-6.dat | upx
behavioral1/memory/2232-86-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\settings.js.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\7-Zip\Lang\hi.txt.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Java\jre7\LICENSE.tmp | 1ba50dcb10db9275f3e0825385943680.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp | 1ba50dcb10db9275f3e0825385943680.exe
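The "renames multiple files with added filename extension" signature above is a behavioural rule over file-system events. The following is an added example of that detection logic, not the sandbox's own rule: it parses rows in the same "description path process" shape as the IoC table, profiles file creations per process, and flags a process whose creations are dominated by one extension across many directories. The input rows are constructed for the example (the Vendor0..Vendor11 directories and the msiexec/svchost rows are invented), only the sample's filename is taken from the report.

```python
"""Detection logic for the 'renames multiple files with added filename extension'
signature: flag a process whose file creations are dominated by one appended
extension across many directories. Added example, not the sandbox's own rule.
Input rows mirror the report's IoC format: "<description> <path> <process>"."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# One report-style row, e.g.
#   File created C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp sample.exe
EVENT_RE = re.compile(
    r"^(?P<desc>File (?:created|renamed|opened for modification))\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+(?P<proc>\S+)$"
)

# The sample's filename as shown in the report; the rows built below are constructed.
SAMPLE_PROCESS = "1ba50dcb10db9275f3e0825385943680.exe"


def parse_events(lines):
    """Parse rows into (description, path, process) tuples; non-matching lines are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["desc"], m["path"], m["proc"]))
    return events


def appended_extension_profile(events):
    """Per process: count of created files by final extension, distinct target directories,
    and how many names stack a second suffix under the final one (e.g. sunec.dll.tmp),
    which is what an extension appended to an existing filename looks like."""
    profile = defaultdict(lambda: {"ext": Counter(), "dirs": set(), "stacked": 0, "total": 0})
    for desc, path, proc in events:
        if desc != "File created":
            continue
        p = PureWindowsPath(path)
        entry = profile[proc]
        entry["total"] += 1
        entry["ext"][p.suffix.lower()] += 1
        entry["dirs"].add(str(p.parent).lower())
        if len(p.suffixes) >= 2:
            entry["stacked"] += 1
    return profile


def flag_mass_extension_append(events, min_files=50, min_dirs=10, min_share=0.9):
    """Return {process: (extension, count)} for processes that created at least min_files
    files in at least min_dirs directories with one extension making up >= min_share."""
    hits = {}
    for proc, entry in appended_extension_profile(events).items():
        if entry["total"] < min_files or len(entry["dirs"]) < min_dirs:
            continue
        ext, count = entry["ext"].most_common(1)[0]
        if ext and count / entry["total"] >= min_share:
            hits[proc] = (ext, count)
    return hits


def constructed_events():
    """Constructed rows (not from the report): 60 '.tmp' creations by the sample across
    12 invented Program Files subdirectories, plus unrelated activity from two benign processes."""
    rows = []
    for i in range(60):
        directory = rf"C:\Program Files\Vendor{i % 12}\lib"
        rows.append(f"File created {directory}\\file{i}.dll.tmp {SAMPLE_PROCESS}")
    rows += [
        r"File created C:\Users\Admin\AppData\Local\Temp\setup.log msiexec.exe",
        r"File created C:\Users\Admin\AppData\Local\Temp\MSI1234.tmp msiexec.exe",
        r"File opened for modification C:\Windows\System32\config\software svchost.exe",
    ]
    return rows


if __name__ == "__main__":
    for proc, (ext, n) in flag_mass_extension_append(parse_events(constructed_events())).items():
        print(f"{proc}: {n} files created with appended extension {ext}")
```

The thresholds are deliberately conservative: an installer also writes many files, but rarely with a single appended extension over dozens of unrelated directories, and the "stacked" count (names such as sunec.dll.tmp that keep their real extension under the new one) separates appended-extension writes from ordinary temporary files.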
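The upx YARA matches in the signatures above come from the sandbox's rule set, whose body the report does not show. As an added static check (example code, not the sandbox's rule), the following walks a PE section table and reports the indicators a packer check usually keys on: UPX-style section names, a section with virtual size but no raw data, and the UPX! marker string. The bytes it runs on are a constructed header-only PE32 skeleton built by build_fake_pe, not the sample.

```python
"""Static triage counterpart to the sandbox's 'upx' YARA hits: walk the PE section table
and report UPX-style indicators. Added example; the sandbox's own rule body is not in the
report, and the bytes exercised here are a constructed header-only skeleton, not the sample."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def pe_sections(data):
    """Yield (name, virtual_size, raw_size) for every section header of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                           # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        yield name, vsize, rawsize


def upx_indicators(data):
    """Return human-readable indicators; an empty list means nothing UPX-like was seen."""
    findings = []
    for name, vsize, rawsize in pe_sections(data):
        label = name.decode("ascii", errors="replace")
        if name in UPX_SECTION_NAMES:
            findings.append(f"UPX section name {label}")
        if rawsize == 0 and vsize > 0:
            # UPX0 is reserved in memory for the unpacked image but holds no file data.
            findings.append(f"section {label} has 0x{vsize:x} bytes virtual size but no raw data")
    if b"UPX!" in data:
        findings.append("UPX! marker string present")
    return findings


def build_fake_pe(section_names):
    """Construct a header-only PE32 skeleton with the given section names (example data)."""
    opt_size = 0xE0                                         # PE32 optional header size
    img = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    img += b"\0" * opt_size
    for i, name in enumerate(section_names):
        raw = 0 if name == b"UPX0" else 0x1000              # UPX0 has no file-backed data
        img += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x8000, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0xE0000040)
    return bytes(img)


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"]) + b"UPX!"
    for line in upx_indicators(packed) or ["no UPX indicators"]:
        print(line)
```

Section names are trivially renamed by a packer's stub, so the zero-raw-size check and the marker string are kept as independent signals; a real triage script would add a per-section entropy measurement, which a header-only skeleton cannot demonstrate.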
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
116KB
MD5 658311d5f841c9e977c7529737634140
SHA1 f21f914c8786db5bc1d05d2dd12e1c10b8395762
SHA256 a843773b7fa5e6b41c559ef6a8fc96b212293da895c4e4ff519a7ee349b2207c
SHA512 5c1cc97810c444b2413fe38a44d0cafa041cfd3e1976a81709bd0a4a8c8cc348c979e3637eaefe4a33723c9e60c33730c1298f75fc1df0a7dff0ba45e5152bac
-
Filesize
125KB
MD5 d19f18b09a5916587279a48924399630
SHA1 a84729f5a75d0a1c3f2e4efc215f780d5cda8984
SHA256 aa27e6f375e3f9cba75290f46252fe2e703d9694fb95c85beb37b0481409f195
SHA512 e9bd71f786c44dcc2d95799bc20b511238d2284a99524ff39b1d44b1e55dcbcb028c78a6f94fe5ed1b0438439d2bafd85fb7f11e88acb9bcd6b6f58d3330eeab