Analysis
- max time kernel: 150s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 10-06-2024 23:12
Behavioral task
behavioral1
Sample
6d03aab2bf5d6141d1255858f2861ed9c3aee58b9a3ed3a4636504e0de57588b.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6d03aab2bf5d6141d1255858f2861ed9c3aee58b9a3ed3a4636504e0de57588b.exe
Resource
win10v2004-20240508-en
General
- Target: 6d03aab2bf5d6141d1255858f2861ed9c3aee58b9a3ed3a4636504e0de57588b.exe
- Size: 73KB
- MD5: c36a272b352cf89f7f5488f5c9c148e0
- SHA1: 6348d7b580c279b777165299069f7a15493718f6
- SHA256: 6d03aab2bf5d6141d1255858f2861ed9c3aee58b9a3ed3a4636504e0de57588b
- SHA512: 22278b237975ac43f2b32b9bb4295c32d231f8422e0d965c579f2aad7513543938402b8570e29caeadc225c5597e6135026dd03a5221fd46377b09abff4c75d0
- SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Q8/8RYH7o:fnyiQSoskRY8
Malware Config
Signatures
-
Renames multiple (3547) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point) 4 IoCs
resource | yara_rule
behavioral1/memory/1756-0-0x0000000000400000-0x000000000040B000-memory.dmp | UPX
behavioral1/files/0x000b000000014323-2.dat | UPX
behavioral1/files/0x00030000000104b4-6.dat | UPX
behavioral1/memory/1756-656-0x0000000000400000-0x000000000040B000-memory.dmp | UPX
behavioral1/memory/1756-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
behavioral1/files/0x000b000000014323-2.dat | upx
behavioral1/files/0x00030000000104b4-6.dat | upx
behavioral1/memory/1756-656-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs
description | ioc | Process
Process for every entry below: 6d03aab2bf5d6141d1255858f2861ed9c3aee58b9a3ed3a4636504e0de57588b.exe
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp
File created | C:\Program Files\Java\jre7\lib\security\cacerts.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp
File created | C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp
File created | C:\Program Files\EnterEdit.rmi.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp
File created | C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp
File created | C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp
File created | C:\Program Files\Mozilla Firefox\softokn3.dll.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp
File created | C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp
File created | C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp
File created | C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp
File created | C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp
File created | C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp
File created | C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 74KB
  MD5: 5686bbfefc9ac04d088d73b29ee44b22
  SHA1: 6c098f3dcb4f923d02fd5e8613ecd2c138f1cf68
  SHA256: a9f5a4e1293c325ddf139f58510094d1bde2b6f159ffebe99c81e3d0dcf7b029
  SHA512: 1a516fbf0652472bf1ca2f1bbb802205fb07a3fa2b9a4d20fd6af32795e63fdc44e602fc74f693e50cb1bdd41baf021fe72ef8e33832f2304c6a580ae8f474ae
- Filesize: 82KB
  MD5: 25adf03d6a8e8941dda9c0cd37b0d0bf
  SHA1: 0abc4fe65689539910c10de03e2aef6c87215ba6
  SHA256: 20993f06c9bb0d7920815ca8b9a1b28148117802336385f428c43f2cca3277b6
  SHA512: 3eb241be9921784ca66e9c8c4b21c7b6f49ca1f9c061fe26e5d4deaa1ebca591c46308b4d5c2266fb1316ee1b44c0c44c1946262ad3180af598e2993975b48de