ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
Size

48KB
MD5

65fa8a0bcf9625585f396ba3b74917d4
SHA1

08280b1cedf39ebd9c8a21aba896b6f79376b770
SHA256

ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298
SHA512

d040adc7dac46bab65fc33247f599b24e428aaa14eb31105cb89d1e23f65b7ec2da679c10f7ce7a0f5b0e9ff52c4e9880a6fb60f9eb3844090162a52929de831
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNh6c:W7BlpppARFbhWJQiX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe

C:\Users\Admin\AppData\Local\Temp\ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe
"C:\Users\Admin\AppData\Local\Temp\ba4893a373f9b482fa4e3813a219b0ba65ba30080c7d5d18096bb6b100f35298.exe"
1⤵
- Drops file in Program Files directory
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
48KB

MD5
c5a85bfbec31316e69547257ce239385

SHA1
514443aad971e4b471006b501713486289d2c309

SHA256
fa5b2b4a89ba651876093d6e534be344e460771fddf96584e5f4c72c79e3e4cb

SHA512
856c694ecdb4ab36129ab1f208f07e2435b5d76711b0771a9c9fdc4563afb1766fb8ff5dd4ec0ca2094fceb4c6780ce9ac78d8f3fc790e4c8ae488351cc6f1d9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
494ff265ccf4fad74ec92e65eb51f320

SHA1
dcd248644642cbea77d6516008f4187c759d3ad6

SHA256
c026ee7c949e11d7ad798289bd870db21b02c52be7b8a5f75cda8a7855b780d5

SHA512
6c484998146a298bbca8473d6b2c5b4d610a612a2f3c1372caff51a57042267d67c5c941dd7d9bf678248e59886fdf023dd4e6113a451a3d22eb7d6f86b3653d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads