Analysis
- max time kernel: 149s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 10-06-2024 23:52
Static task: static1
Behavioral task: behavioral1
- Sample: 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
- Resource: win10v2004-20240426-en
General
- Target: 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
- Size: 51KB
- MD5: 880bb22be5ca5146b402ffecf07df8b7
- SHA1: 727cf903f584aea9fe59be8b60a7a00367251011
- SHA256: 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41
- SHA512: 8c99fdd0626e3e79c580602ae3dc223822ab2d84de9fc885a5b0680b91cc9a7fe34a3431fc5da2e0c3a8c29244cb3742c5b8b2cefa77633c3d891e6150a4f356
- SSDEEP: 768:W7BlpppARFbhWJQi3I1krJwYSoVaEI1krJwYSoVaX:W7ZppApHiYRoVa3RoVaX
Malware Config
Signatures
-
Renames multiple (3790) files with added filename extension
This suggests ransomware activity: the sample is encrypting files across the system and marking each one by appending an extension to its name.
-
Drops file in Program Files directory (64 IoCs)
All 64 entries are "File created" events attributed to the process 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe (the original table's description, ioc and process columns); every created path ends in .tmp:
- C:\Program Files\FormatGrant.vdw.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.tmp
- C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp
- C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt.tmp
- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp
- C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp
- C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp
- C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp
- C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp
- C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp
- C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\settings.html.tmp
- C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp
- C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp
- C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp
- C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif.tmp
- C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp
- C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp
- C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp
- C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp
- C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp
- C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp
- C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp
- C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp
- C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp
- C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer.tmp
- C:\Program Files\7-Zip\Lang\hi.txt.tmp
- C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp
- C:\Program Files\Windows Defender\MsMpRes.dll.tmp
- C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp
- C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp
- C:\Program Files\Java\jre7\bin\instrument.dll.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp
- C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp
- C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp
- C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui.tmp
- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEXBE.DLL.tmp
- C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp
- C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp
- C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp
- C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp
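The two signatures above (mass rename with an appended extension, and bulk file creation under Program Files) are heuristics a detection engineer can reproduce from a file-event log. The following is an added example, not the sandbox's own rule code: it groups file-creation events per process and fires both signatures. The event shape, the thresholds, the function names and the reduced event list (a subset of the IoC paths above plus two constructed benign rows) are assumptions for illustration. Because only creation events are available here, the rename rule is approximated by looking for a second extension stacked on a first one (MsMpRes.dll.tmp), so files whose original name had no extension (the Java zi\ entries) are not counted by it, which is one reason the sandbox's count (3790) is higher than a create-only count would be.

```python
# Added example (not the sandbox's own code): reproduce the report's two
# behavioural signatures from a list of file-creation events.
# Event shape, thresholds and function names are assumptions for illustration.
import ntpath
from collections import Counter, defaultdict

SAMPLE = "7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe"

# Constructed event log: (process, path). The sample's rows are taken from the
# report's IoC list; the last two rows are constructed benign contrast cases.
EVENTS = [
    (SAMPLE, r"C:\Program Files\FormatGrant.vdw.tmp"),
    (SAMPLE, r"C:\Program Files\7-Zip\Lang\hi.txt.tmp"),
    (SAMPLE, r"C:\Program Files\Windows Defender\MsMpRes.dll.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jre7\bin\instrument.dll.tmp"),
    (SAMPLE, r"C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp"),
    (SAMPLE, r"C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp"),
    (SAMPLE, r"C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp"),
    (SAMPLE, r"C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.tmp"),
    (SAMPLE, r"C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp"),
    (SAMPLE, r"C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer.tmp"),
    (SAMPLE, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif.tmp"),
    (SAMPLE, r"C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp"),
    # Original name had no extension, so the stacked-extension check cannot see it
    (SAMPLE, r"C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp"),
    ("notepad.exe", r"C:\Users\admin\Desktop\notes.txt"),
    ("msiexec.exe", r"C:\Program Files\Vendor\app.dll"),
]

# Lower-cased prefixes; the trailing separator keeps "Program Files (x86)"
# from matching the "Program Files" prefix by accident.
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def appended_extension(path):
    """Return the outer extension when the name carries two stacked ones
    ('MsMpRes.dll.tmp' -> '.tmp'), which is what rename-with-appended-extension
    leaves behind. Names with zero or one extension return None."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if not ext or not ntpath.splitext(stem)[1]:
        return None
    return ext.lower()


def in_program_files(path):
    """True for paths under either Program Files tree (case-insensitive)."""
    return path.lower().startswith(PROGRAM_FILES)


def analyze(events, rename_threshold=10, drop_threshold=10, min_dirs=3):
    """Group events per process and fire the two signatures.
    Thresholds are assumptions; the sandbox's own are not given on the page."""
    per_proc = defaultdict(lambda: {"ext": Counter(), "dirs": set(), "pf": 0})
    for proc, path in events:
        rec = per_proc[proc]
        ext = appended_extension(path)
        if ext:
            rec["ext"][ext] += 1
            rec["dirs"].add(ntpath.dirname(path).lower())
        if in_program_files(path):
            rec["pf"] += 1

    findings = {}
    for proc, rec in per_proc.items():
        sigs = []
        if rec["ext"]:
            ext, n = rec["ext"].most_common(1)[0]
            # Many files, one appended extension, spread over several directories:
            # a single tool writing .tmp files in its own folder should not fire.
            if n >= rename_threshold and len(rec["dirs"]) >= min_dirs:
                sigs.append(f"Renames multiple ({n}) files with added filename extension {ext}")
        if rec["pf"] >= drop_threshold:
            sigs.append(f"Drops file in Program Files directory ({rec['pf']} IoCs)")
        if sigs:
            findings[proc] = sigs
    return findings


if __name__ == "__main__":
    for proc, sigs in analyze(EVENTS).items():
        print(proc)
        for sig in sigs:
            print("  -", sig)
```

On the constructed log only the sample process fires: 12 stacked-extension creations across more than three directories, and 13 creations under Program Files. The min_dirs guard is the piece worth keeping in a production rule, since installers and build tools legitimately write many .tmp files into one directory.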
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 51KB
  MD5: cfb70b5bbbf15db464588baaccdfc47d
  SHA1: cc6a96e06a13180913327471aeec753308c560c4
  SHA256: 15c35faf2b4f72b06bc0a8947dc910001e6bc8d344c890dc4301fafca6c02f08
  SHA512: 253415f60b31fdbee550796a3f018360b0702ba4a415deb047027dea19a0c8712b1151e787afd71d678a9edf26a08d754deee7b1f0e38618d66bebb7da05e5a0
- Filesize: 60KB
  MD5: efad9211f947003aa2e8c51be80c9804
  SHA1: 989e0730bed768fe1ee622851cabec7ade1efa7d
  SHA256: 8a1331ed8930d5f36da969207827aa682d4918142d04264f1c46ec59288f88e7
  SHA512: 481ae556b122a5ce2e0eb0abd4ad9a73b14741e130db2faec00901b8b0d88c89837f778b770294132a2a8d51a7ca3c5a86c439fa135d2d38d6423bb20c364b6e