Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 11-06-2024 01:21
Static task: static1
Behavioral task: behavioral1
Sample: a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
Resource: win10v2004-20240508-en
General
Target: a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe
Size: 75KB
MD5: dc851ba2d43f319a168415ef63dc7803
SHA1: c874ee2fcf32d53f33220519dd08cca261485545
SHA256: a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254
SHA512: ff54fabdf2d68f713c3174ace92c55596e2955517eb1394a220657317ee477eafdaf8f7f2e1d7c0a6e9eb895b53373556dd260f0d4db83d3055b82d5efed647e
SSDEEP: 768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHq:W7ZDpApYbWjIlE77ufL2e+efZwZ2U
Malware Config
Signatures
- Renames multiple (3514) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
-
Filesize: 76KB
MD5: 9989336ae42f1306418490f7f65fb0e4
SHA1: 8b8f1cc8de34a3237826fe6f458c3e7e11f5103c
SHA256: 3a96aff912faa8220c94eafa030c33f2f2d5d26dc9c4cac8a23b6bac461be4a9
SHA512: 3ac63189ce7461f9210681bdafcc2232a9a99cfdd3b37fca4d8509e9fd9351d97b73535ca9415fbb5164116938844675d73b995fb3b7799d6ae6ae0c53ad4b56
-
Filesize: 85KB
MD5: fdacd6933b3ddb5303b06b95a6750f48
SHA1: 17593f0a495baea406dda0f9af1406a691b3c294
SHA256: d23cc222db531e2e3bb3c3534322a59d883159cb2ba5fb428524491f417afd27
SHA512: c451a8dba78e966e928ca4844442a6155f4f8a1bf2306bdabcd3bbd1872b33c0415ce86893cbc9cf3e3599062c288376d05db45712295fc7494cb1a4d57735c3