Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 10-06-2024 23:19
Static task: static1
Behavioral task: behavioral1
  Sample: 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
  Resource: win10v2004-20240508-en
General
Target: 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2.exe
Size: 81KB
MD5: 99524f0e97132ebb2d26d6075a609a2c
SHA1: e061e2778578083c0a25af4a5b72cbe35d2cd22c
SHA256: 709cbcb5256d38c04f08482d540b55a7d471759fce97b6a1d2996712a103d4a2
SHA512: efc618613af4027e3128a019b748cce812df0d69ce56f4270ffff4949fbd192d49802e72bcee684c1bf9584619e0b55cc9ce57fa62d5fb5de11483f3a4fb225b
SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSW:6e7WpP9oVLQthbYY9oVLQthbUvx
Malware Config
Signatures
Renames multiple (3678) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)
Downloads
Filesize: 82KB
MD5: d3991e6dd14b0a95f667c574b43b25ab
SHA1: 49e1a6dbc898e67ed8d8eaeca70925eea78b7001
SHA256: 1ac82d7f13f5296b81d3d015eb8011d700461cb25738f1eaa9addfa5e3bc88ec
SHA512: 2ab7398984ef5ad01292e8687587e8f8f41da080cc1d8d852b68227b0fca1a745e2335ce07501bfd0a289de02c30bff1d273657db8d3f9d9dfe19089b77ec850

Filesize: 91KB
MD5: 616bf02200e0d01353edcdc2e35f0593
SHA1: a6767426fb6ac7583b83438bcc146e9e2a26f221
SHA256: 39c59804a4ebd67524dc7ea2233d039db6649ee0aae72d0a64649037a09315dd
SHA512: 5fa3f22f99c5e01e3bf82f975eaa5f50aad79428500beec12be1ce3c4779cdd9c75479a72d370e6118045948aad8a87ac8992bad148809d572be2ac396e88610