Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 10-06-2024 23:39

Static task: static1

Behavioral task: behavioral1
Sample: 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
Resource: win10v2004-20240426-en

General
Target: 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe
Size: 45KB
MD5: 25e1ca297bab9176df3f52b8e9140b0b
SHA1: 8a64c4c962a5cbc001f96f703afc7a226590dab0
SHA256: 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1
SHA512: 1aa7d34b8a3c75394fee892c54f4b90675b5679ea3cb771692a8c58ffb319e717ebb36b36c4ff404a0194b0cb6b2999698fd299fec84324a8090dfc90d25d06e
SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFO8A8a0A+2:W7BlpNLpARFbhblkYlkuvIYFI0A+2
Malware Config
Signatures
-
Renames multiple (3778) files with an added filename extension
This is consistent with ransomware encrypting files across the whole system: the renames are indiscriminate over file type and directory, a pattern a legitimate installer or updater (which stays inside its own tree) does not produce. The Program Files IoCs below show the new files landing as <original name>.tmp in the originals' directories, consistent with an encrypt-to-temp-then-rename loop.
-
Drops file in Program Files directory (64 IoCs)
description: File created (all 64 entries)
Process: 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe (all 64 entries)
ioc:
C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp
C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp
C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp
C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp
C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe.tmp
C:\Program Files\7-Zip\Lang\ca.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp
C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp
C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp
C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp
C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp
C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\gadget.xml.tmp
C:\Program Files\Windows Defender\MpCmdRun.exe.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp
C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp
C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp
C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp
C:\Program Files\7-Zip\Lang\ka.txt.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT.tmp
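The two signatures above (mass rename with an added extension, and .tmp files dropped throughout Program Files) describe a rule a detection engineer can reproduce on endpoint file-event telemetry. The following is an added example, not the sandbox's own detection logic: it scores each process on how many appended-extension renames it performed, how many directories and original file types those spanned, and whether one appended extension dominates. The event shape (process, old_path, new_path), the thresholds and all function names are assumptions. The 22 target paths are taken from the IoC list above with the trailing .tmp stripped; modelling them as renames rather than the creates the report records, and the setup.exe installer paths, are constructed for the illustration.

```python
"""Heuristic for the signature above: one process renaming many files by appending
an extension, spread across unrelated directories and original file types.
Added example, not the sandbox's own logic; event shape, thresholds and names are
assumptions made for this illustration."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

MIN_RENAMES = 20    # assumption: floor on appended-extension renames per process
MIN_DIRS = 5        # assumption: renames must span at least this many directories
MIN_ORIG_EXTS = 4   # assumption: indiscriminate over original file types
DOMINANCE = 0.9     # assumption: one appended extension covers >= 90% of renames


def appended_extension(old_path, new_path):
    """Return the single extension appended to old_path to form new_path, else None.
    'a.doc' -> 'a.doc.tmp' counts; 'a.doc' -> 'a.bak' (a replacement) and a move
    into a subdirectory do not."""
    if not new_path.startswith(old_path + "."):
        return None
    ext = new_path[len(old_path) + 1:]
    if not ext or "\\" in ext or "." in ext:
        return None
    return ext.lower()


def profile_process(renames):
    """renames: iterable of (old_path, new_path) for one process.
    Returns the features the rule is evaluated on."""
    exts, dirs, orig_exts = Counter(), set(), set()
    for old, new in renames:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        exts[ext] += 1
        p = PureWindowsPath(old)
        dirs.add(str(p.parent).lower())
        orig_exts.add(p.suffix.lower())  # '' for files that had no extension
    total = sum(exts.values())
    top_ext, top_n = exts.most_common(1)[0] if exts else (None, 0)
    return {"renames": total, "dirs": len(dirs), "orig_exts": len(orig_exts),
            "top_ext": top_ext, "dominance": top_n / total if total else 0.0}


def is_mass_rename(f):
    return (f["renames"] >= MIN_RENAMES and f["dirs"] >= MIN_DIRS
            and f["orig_exts"] >= MIN_ORIG_EXTS and f["dominance"] >= DOMINANCE)


def detect(events):
    """events: iterable of (process, old_path, new_path) rename events.
    Returns {process: features} for every process that trips the rule."""
    by_proc = defaultdict(list)
    for proc, old, new in events:
        by_proc[proc].append((old, new))
    hits = {}
    for proc, renames in by_proc.items():
        f = profile_process(renames)
        if is_mass_rename(f):
            hits[proc] = f
    return hits


# Constructed sample. Targets come from the Program Files IoC list with the .tmp
# stripped; treating them as renames is a modelling assumption. setup.exe and
# its ExampleApp paths are hypothetical: a benign writer of .tmp files confined
# to one directory, which the directory-spread condition must not flag.
SAMPLE = "78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"
TARGETS = [
    r"C:\Program Files\VideoLAN\VLC\lua\modules\common.luac",
    r"C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg",
    r"C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api",
    r"C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui",
    r"C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar",
    r"C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe",
    r"C:\Program Files\7-Zip\Lang\ca.txt",
    r"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif",
    r"C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js",
    r"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties",
    r"C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm",
    r"C:\Program Files\Windows Defender\MpCmdRun.exe",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg",
    r"C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf",
    r"C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css",
]
EVENTS = [(SAMPLE, p, p + ".tmp") for p in TARGETS]
EVENTS += [("setup.exe", rf"C:\Program Files\ExampleApp\lib{i}.dll",
            rf"C:\Program Files\ExampleApp\lib{i}.dll.tmp") for i in range(25)]

if __name__ == "__main__":
    for proc, f in detect(EVENTS).items():
        print(proc, f)
```

The directory-spread and original-type-diversity conditions are what separate this from a benign bulk writer: setup.exe performs more renames than the threshold but stays in one directory and one file type, so it does not trip the rule, while the sample's renames touch 22 directories and 20 distinct original extensions. In production the thresholds would be tuned against the telemetry source, and the 3778 renames the sandbox counted make clear how far above any sensible floor real ransomware sits.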
Downloads
Both downloads carry hashes that differ from the submitted sample (MD5 25e1ca297bab9176df3f52b8e9140b0b); check which artifact each one is before pivoting on these values.
-
Filesize: 45KB
MD5: d247520b64081c63ebf9fb36cb64b579
SHA1: 63dcfa71a1b5efea826116ec1887b57b9458ceab
SHA256: 58f20aba5e89dd9cb446032513c8b4464040a5f3c23186424d8096305fe9ce46
SHA512: 7f0d29669b8d4e4b78962d0b7cfa2557cad87c70b326204a4edbdb182873dbe30fd6f4b11cbca541d3a555a6e4cd3a6a32206ec76d537e02aa771b373144c298
-
Filesize: 54KB
MD5: da957d8a73cb65fef3099f0029a5169b
SHA1: 73a6f735d46d4d6f5e863e1b1a69d908ad937f10
SHA256: dcad629c75a32746089074f87b4b731e2eb2eb83354a3d2932dd8f34780652bd
SHA512: 7353cfa22578db3edd4263b3c141f151ef84368330dfab637df66f225528d86be85ad7b12e97a4a899eef59f3976e38c438152f3afe52c7683b05813034615db