Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/06/2024, 02:01
Static task: static1
Behavioral task: behavioral1
Sample: 1c31c15c9399d66984b53da16c2c2d30.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 1c31c15c9399d66984b53da16c2c2d30.exe
Resource: win10v2004-20240426-en
General
Target: 1c31c15c9399d66984b53da16c2c2d30.exe
Size: 57KB
MD5: 1c31c15c9399d66984b53da16c2c2d30
SHA1: fe64d929fada0db66a6ea8f615905546b604c010
SHA256: b9d9397eaa009defc5d0e4c3730a633710976c9c1371f3fb3ca15aa1583b23db
SHA512: 9e1805e73b8fed40af6f9044d80ad1d29524b25fc7edc3361c3b844c909afd77e8c3065e3b7203f12c2fc66533fbf6611f0dbd291233900ec8eb48c2c099b871
SSDEEP: 192:tACUADIY0Br5xjL/VA7AgAQmP1oynLb22v:GBt7Br5xjL9A7AgA71Fbhv
Malware Config
Signatures
Renames multiple (599) files with added filename extension
This is consistent with ransomware encrypting files across the system: every file in the IoC list below keeps its original extension and gains a second one, .tmp (for example javaws.exe becomes javaws.exe.tmp), and the targets span unrelated products under Program Files (7-Zip, Java, Chrome, DVD Maker, Internet Explorer, Common Files). Note that the list records only the creation of the .tmp files, not whether the originals are overwritten or deleted, so the fate of the original content cannot be read from this signature alone; the 599 count also covers files the 64-entry excerpt below does not show.
Drops file in Program Files directory (64 IoCs)
All 64 entries are "File created" events by the process 1c31c15c9399d66984b53da16c2c2d30.exe. Created paths:
C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp
C:\Program Files\7-Zip\Lang\lt.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp
C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp
C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp
C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp
C:\Program Files\7-Zip\Lang\sl.txt.tmp
C:\Program Files\Common Files\System\wab32res.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp
C:\Program Files\Internet Explorer\ieproxy.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp
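A triage helper, added here as an example (it is not part of the sandbox report, and not code from the sample or the sandbox vendor): it parses "File created <path> <process>" entries like those above, infers the extension the sample appends, recovers the original filenames, and tallies the scope by product directory so a responder can turn the 64-entry excerpt into a host-wide search. The six embedded entries are copied from the IoC list above; the executable-extension set and the parse_iocs/summarize names are this example's own choices.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Six "File created" entries copied from the IoC list in the report above.
# The report lists 64 of the 599 renamed files; this subset is enough to
# exercise the logic.
IOC_TEXT = r"""
File created C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp 1c31c15c9399d66984b53da16c2c2d30.exe
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp 1c31c15c9399d66984b53da16c2c2d30.exe
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp 1c31c15c9399d66984b53da16c2c2d30.exe
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp 1c31c15c9399d66984b53da16c2c2d30.exe
File created C:\Program Files\Internet Explorer\ieproxy.dll.tmp 1c31c15c9399d66984b53da16c2c2d30.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp 1c31c15c9399d66984b53da16c2c2d30.exe
"""

# <path> may contain spaces (Program Files, Common Files, Ole DB), so the
# process name is taken as the last whitespace-free token and the path as
# everything before it.
ENTRY_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>\S+)$")

# Extensions whose replacement breaks the product itself. This set is an
# assumption of the example, not a classification the sandbox makes.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys"}


def parse_iocs(text):
    """Return [(path, process), ...] for each 'File created' line."""
    entries = []
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("path"), m.group("proc")))
    return entries


def infer_appended_suffix(paths):
    """The extension the sample appends: the most common final suffix."""
    if not paths:
        return ""
    counts = Counter(PureWindowsPath(p).suffix.lower() for p in paths)
    suffix, _ = counts.most_common(1)[0]
    return suffix


def original_path(path, suffix):
    """Strip the appended suffix to recover the file that was replaced."""
    if suffix and path.lower().endswith(suffix):
        return path[: -len(suffix)]
    return path


def summarize(entries):
    """Scope summary a responder can turn into a host-wide search."""
    paths = [p for p, _ in entries]
    suffix = infer_appended_suffix(paths)
    originals = [original_path(p, suffix) for p in paths]
    # Drive + "Program Files" + product folder, e.g. C:\Program Files\Java
    by_product_dir = Counter(
        str(PureWindowsPath(*PureWindowsPath(o).parts[:3])) for o in originals
    )
    return {
        "suffix": suffix,
        "files": len(paths),
        # True when a single suffix was appended to every file: the
        # rename-with-added-extension pattern the signature describes.
        "uniform_suffix": all(p.lower().endswith(suffix) for p in paths),
        "processes": sorted({proc for _, proc in entries}),
        "by_product_dir": dict(by_product_dir),
        "executables_hit": [
            o for o in originals
            if PureWindowsPath(o).suffix.lower() in EXECUTABLE_EXTS
        ],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_iocs(IOC_TEXT)).items():
        print(f"{key}: {value}")
```

The same infer_appended_suffix and original_path calls apply unchanged to a directory listing pulled from a suspect host, so the logic can scope the rename on a live system rather than only on the sandbox's 64-entry excerpt; the executables_hit list is worth reviewing first because, as the IoC list shows, the sample replaces java.exe, javaw.exe, elevation_service.exe and ieproxy.dll rather than only user documents.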
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 57KB
MD5: 5f99e129ce7a44be0e366c539bc053d2
SHA1: 1a1a7487f757a2d81129eec24c41ade42aab1c30
SHA256: a5321e279583ecdf4b1d481e419eb25e440109414cad1a4b610c4a6c9baa46ff
SHA512: fed3accec77accaa433d8aec5449c67d2848277ec17fd546468ba3b730a904f1d0bec933d751c75205067883e6a4e681b56b215ccbeb6250e0dceefa9a8f37ea

Filesize: 66KB
MD5: 4a0b21d37c904e0dcdc64f35c8560c0f
SHA1: 1a991b80d02a3c08011cca1080434591b18344f7
SHA256: edabcf2e19c788c38dc329f8936a08133f9060bc772dc7de3ecc960cec1ceade
SHA512: 37395ff39442ec997f58b5c3a4afb95d253202aa5995ae2f2e85eb6882597f04f2a69df6293595ce58d0b8c39fecccf36da5f280009dd5e0dbfc5a6c44d7295a