6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
Size

76KB
MD5

06247d0cdd0e4a3670f9560ac9dd7398
SHA1

dd91fe301ce83d67ae259367cd0004ad3171b50d
SHA256

6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913
SHA512

2094c0ecfcf15c8837288962551cf4028478797ba28598cbe30035f512f3b60867a75fc2a63b81b1dbaf079e45e798d0a52d9f0de63ccd7aee6660a4cc63ef1e
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhP:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3703) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\SearchUnblock.mpg.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe

C:\Users\Admin\AppData\Local\Temp\6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe
"C:\Users\Admin\AppData\Local\Temp\6aa14f371efeef81bc1308d98d06d64d84f683e677f3b229cbf37603761fa913.exe"
1⤵
- Drops file in Program Files directory
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
76KB

MD5
7a3a1cf7b288f5c550c5b33a2fe3ce90

SHA1
f2117df975a0e4d43ce68ea6bdc004b40bcaf8d7

SHA256
78205a6ef0344033a86e22256f23364cc02d57c3155003e11609e1ebd06b3b46

SHA512
f7a6388011cf38d9426af2b4006ef15ac97af26c079cc6ab49bc94491fba198bb5528f11538d5d2350257515aab85ebba7d4a6adf831316005603456de4050a5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
3a826ec76a98515c1e6791c922f7c0a2

SHA1
26465f38e3bac7c49a4ca5b962f1b91827e13d7c

SHA256
51cb85f7e61c76e19d5534fec1f17063a4b935f2ef0a89e1682e99d8ffabb44c

SHA512
a61be5df008989f7923906f2583373383e9b4735d7a6ab65298f9d7deb63ef7de3b5f7f6294a6ea5b0a36b2f841eb391176d7d11ec1d7a4bcffa09967c984f4e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads