Analysis
-
max time kernel
149s
-
max time network
127s
-
platform
windows7_x64
-
resource
win7-20240419-en
-
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted
10-06-2024 23:30
Static task
static1
Behavioral task
behavioral1
Sample
749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
Resource
win10v2004-20240426-en
General
-
Target
749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
-
Size
47KB
-
MD5
259acd55665179cb120ec1fcc52e61ee
-
SHA1
fa65a71cfaa499a2c64edbd93c85f1d66820de06
-
SHA256
749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a
-
SHA512
c8ed0ec4bbaee06f14c27355aaf00b8a84c428cf7e38b166bec2ec085a540820a8a20921b55eda534262b00a2365aaabf7f3d31c184cac59f7aa2f8b4cd514f8
-
SSDEEP
768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDrf11+Nwf11+NY:W7ZNLpApCZuvIYYoYox
Malware Config
Signatures
-
Renames multiple (3747) files with added filename extension
This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one. The Program Files IoCs below show it first creating a .tmp file next to each original, consistent with writing the encrypted content to a temporary file and then renaming it over the original.
-
Drops file in Program Files directory 64 IoCs
description ioc Process
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipBand.dll.mui.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jre7\bin\kcms.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jre7\bin\klist.exe.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\SuspendResume.mht.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe
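The "renames multiple files with added filename extension" signature above is a behavioural rule whose logic the sandbox does not publish. The following Python is an added example, not code from the sandbox or from any analysis of this sample, showing one way such a rule can be applied to file-event rows of the shape used in the IoC list: it counts renames of the form old -> old.ext per process, requires one dominant appended extension before alerting, and separately pairs each rename with an earlier creation of "<old>.tmp" by the same process, the write-to-temporary-then-rename pattern the Program Files IoCs are consistent with. The event rows, the "File renamed" row format, the ".locked" suffix, the non-sample process names and the thresholds are all constructed assumptions for the example.

```python
import re
from collections import Counter, defaultdict

SAMPLE = "749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe"

# Constructed event log (not taken from the sandbox report). The "File renamed"
# row format and the ".locked" suffix are assumptions for this example; the
# "File created ... .tmp" rows only mirror the shape of the report's IoC rows.
EVENTS = "\n".join([
    f"File created C:\\Program Files\\7-Zip\\Lang\\uz.txt.tmp {SAMPLE}",
    f"File renamed C:\\Program Files\\7-Zip\\Lang\\uz.txt -> C:\\Program Files\\7-Zip\\Lang\\uz.txt.locked {SAMPLE}",
    f"File created C:\\Program Files\\7-Zip\\Lang\\mr.txt.tmp {SAMPLE}",
    f"File renamed C:\\Program Files\\7-Zip\\Lang\\mr.txt -> C:\\Program Files\\7-Zip\\Lang\\mr.txt.locked {SAMPLE}",
    f"File created C:\\Program Files\\VideoLAN\\VLC\\AUTHORS.txt.tmp {SAMPLE}",
    f"File renamed C:\\Program Files\\VideoLAN\\VLC\\AUTHORS.txt -> C:\\Program Files\\VideoLAN\\VLC\\AUTHORS.txt.locked {SAMPLE}",
    f"File created C:\\Program Files\\Java\\jre7\\bin\\klist.exe.tmp {SAMPLE}",
    f"File renamed C:\\Program Files\\Java\\jre7\\bin\\klist.exe -> C:\\Program Files\\Java\\jre7\\bin\\klist.exe.locked {SAMPLE}",
    f"File created C:\\Program Files\\SuspendResume.mht.tmp {SAMPLE}",
    f"File renamed C:\\Program Files\\SuspendResume.mht -> C:\\Program Files\\SuspendResume.mht.locked {SAMPLE}",
    f"File renamed C:\\Users\\Admin\\Desktop\\notes.txt -> C:\\Users\\Admin\\Desktop\\notes.txt.locked {SAMPLE}",
    # Benign noise: an ordinary save-as and an installer writing its own .tmp file.
    "File renamed C:\\Users\\Admin\\Documents\\draft.docx -> C:\\Users\\Admin\\Documents\\draft-v2.docx WINWORD.EXE",
    "File created C:\\Program Files\\Mozilla Firefox\\uninstall\\uninstall.log.tmp setup.exe",
])

# Paths may contain spaces; the process name is the last whitespace-free token.
CREATED_RE = re.compile(r"^File created (?P<path>.+) (?P<proc>\S+)$")
RENAMED_RE = re.compile(r"^File renamed (?P<old>.+) -> (?P<new>.+) (?P<proc>\S+)$")


def added_extension(old: str, new: str):
    """Return the extension appended to 'old' when new == old + '.' + ext, else None.

    A plain rename (draft.docx -> draft-v2.docx) or a replaced extension
    (a.txt -> a.bak) does not count; only a suffix added on top of the full
    original name does, which is what the sandbox signature describes.
    """
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    if len(tail) < 2 or tail[0] != "." or not re.fullmatch(r"[A-Za-z0-9_-]+", tail[1:]):
        return None
    return tail[1:].lower()


def analyze(log: str, rename_threshold: int = 5, dominance: float = 0.9):
    """Score each process: renames that add an extension, the dominant extension,
    and how many of those renames followed the process creating '<old>.tmp'."""
    stats = defaultdict(lambda: {"extensions": Counter(), "tmp_created": set(),
                                 "tmp_then_rename": 0})
    for line in log.splitlines():
        line = line.strip()
        m = CREATED_RE.match(line)
        if m:
            s = stats[m["proc"]]
            if m["path"].lower().endswith(".tmp"):
                s["tmp_created"].add(m["path"].lower())
            continue
        m = RENAMED_RE.match(line)
        if not m:
            continue
        s = stats[m["proc"]]
        ext = added_extension(m["old"], m["new"])
        if ext is None:
            continue
        s["extensions"][ext] += 1
        if (m["old"] + ".tmp").lower() in s["tmp_created"]:
            s["tmp_then_rename"] += 1

    report = {}
    for proc, s in stats.items():
        total = sum(s["extensions"].values())
        top_ext, top_n = s["extensions"].most_common(1)[0] if total else (None, 0)
        # Ransomware appends one extension to everything it touches; bulk renames
        # by a backup tool or installer usually spread over several suffixes.
        flagged = total >= rename_threshold and top_n / total >= dominance
        report[proc] = {
            "renames_added_ext": total,
            "top_extension": top_ext,
            "tmp_created": len(s["tmp_created"]),
            "tmp_then_rename": s["tmp_then_rename"],
            "flagged": flagged,
        }
    return report


if __name__ == "__main__":
    for proc, r in analyze(EVENTS).items():
        print(("ALERT " if r["flagged"] else "ok    ") + proc, r)
```

On the constructed log only the sample process is flagged: six old -> old.locked renames, five of them preceded by a matching .tmp creation. The rename threshold is deliberately low for a short log; a real rule would be tuned against the 3747-file count reported above and against the time window, and the tmp_then_rename pairing is a corroborating signal rather than a requirement, since not every encryptor stages through a temporary file.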
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
48KB
MD5
a877ee9780b6c20eeb01dac5c94c0618
SHA1
9d1c38f3ce6aadcf1dcbf6ce0f3d443b183e8459
SHA256
803a7838ff367e50c479f6879acbd58426dbab5c80036473e8439596ecdf2c36
SHA512
720d42bef97a432db47e85727de63ba2ca55244836d8fec301f01d52bcbb40a06d1c7b0fcef2a7dd034bf172747b17e59310577fdef01cb3de903a4aaf40b4e5
-
Filesize
57KB
MD5
030fa67903e6da2a19c3d84f6d375704
SHA1
1adb9900b8fbfc316d0ff73ff30843ef791716bb
SHA256
d5508351b123eb8472870524c634a417750dfd31f5a816dc06475943716344b5
SHA512
e96e4e47dac9996040fe655a80b7eb82874dd949c342e5b93d08064797f72b0c362e12f67305db2bcf76c274a3a5d528a450924c26672cd57b1f849c839e516b