6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
Size

101KB
MD5

6f2cbe20dab2e40e882e5bc647e0f30e
SHA1

bc28a7564ecd6237d6e1c558386ec846336f9145
SHA256

6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa
SHA512

e9cae7ea62ad4f0e0f2ff660d1ac0957f3ee324bf7dc7697d1f1551c2aa13273fa5bf2d2d6ba7c83022d71d70e110c7624549fc2a4355ece69152a9b46325814
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPbbIbj:6rWpcOPxPke+e3fFpsJOfFpsJbgEG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\InvokeOut.3g2.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\currency.html.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\DisableCopy.pptx.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe

C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe
"C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe"
1⤵
- Drops file in Program Files directory
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
101KB

MD5
64bfde4cac3a00308bded9638147d472

SHA1
e85f017da25e590c70575606c4d437e1e053540b

SHA256
bc5263bef9a85f0e1eb3c689337c3a532a20198bc4f88611871603850201b57e

SHA512
e8fadd50507fff06a1b5234bb619cd8be1a93341e20242edbd805fff1b5b1c587ce8aac63d3aa128ec511781f0a4fce7db47c30bab53e4a28289cf67145a888e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
6d5df6935886db07e842160e41861e33

SHA1
909f85d3846f0aa0c56eeb42bcae47b897269224

SHA256
859b693b7c1bc38a157b768c44123e03d9db394b04c828c3399b2d6997c6f99a

SHA512
1e8cd12a3724e590dcb1432fc1257d07b8ff17cfb9754b2e8dc59625d35eb0311b388e985ede4c4508d37d2dd0b2022f2fc6735966a2406cdf2493de18995e8f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads