Analysis
max time kernel: 150s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 01:14

Static task: static1

Behavioral task: behavioral1
Sample: 065854c707faf010dd871dd4646027c0.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 065854c707faf010dd871dd4646027c0.exe
Resource: win10v2004-20240508-en

General
Target: 065854c707faf010dd871dd4646027c0.exe
Size: 78KB
MD5: 065854c707faf010dd871dd4646027c0
SHA1: b3b85cf96c7de8194e2a192ee277f1e51735c09d
SHA256: d79ce1a98a73bac7e542c94cd051eb596901bc53c983ad8395d85b7b6acd7101
SHA512: 5075e70349b03416918d070e1ee78ab67a5c8cc899cd5be45e794c52177d647aa79a7a16e864368b4ab28424f112ca6d520ad7e0534ebe4aab6571c0763735fe
SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh4:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsd
Malware Config
Signatures
- Renames multiple (3702) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
  Process: 065854c707faf010dd871dd4646027c0.exe
Downloads
- C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
  Filesize: 78KB
  MD5: 61ec2bbe2cafc6f367dac7e4fe623bec
  SHA1: dae1d919958102cff52ff90bd62ab50397fcea16
  SHA256: bf25787a9660d12f56663c51846e45599eda1a8d0ce2ee0a4af05a270e45b91b
  SHA512: 22ea6998fa24b82ad150b4dd49ece406aef9a7f2c7b4c449174ac100b30d0a0c837956400f1d6abde8920492688b0894a6b512c1a247d3047a2d434cda974071
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 87KB
  MD5: 5c7cdd0243b724bb3f86a53d55c8e7b2
  SHA1: e0f8f57cff8b37091a8124537b2fcfa6081efe41
  SHA256: 4869b75d5a529c461c7ca66881de00e10ee9a0b4d6e4c03ab9da9fa4f8c3ca50
  SHA512: 4ff43573844ae65853ec98bbeba301c85a341a41f61501fe6a72281611bb83215e1f84adce3b26fe8761cb90d1fd530d30aadbf859832d4b84c5f0e17a9cbc41