9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
Size

92KB
MD5

fcc3995d57d386f327c57c6c97ee52a8
SHA1

dd4e7b1f175270a8f0c3db3f1bc26ac8859362a9
SHA256

9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d
SHA512

a7b0dac67fa580acfca60c1c8e0e612bebd2f60fbe4f89a3f5b392a8e9c4c605090bb4874ae3300b1cbb0d761f7adfa07577bc4a75f3e7e28f673231e81b5da2
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNMW:6rWpcOPxPke+e3fFpsJOfFpsJbgET

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3493) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe

C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe
"C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe"
1⤵
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
92KB

MD5
f94e781f928aa27dcde8f04aed5bec9d

SHA1
ae41b38ecb01b7d179ea188a50c62d7ad4a98cd9

SHA256
45329e433c2d0add3d99e3a2c94e57e88389f4cbbb265e94d543f94b633d519b

SHA512
30c5aff6b43fc02374d5337fe641eeedca1334e986b3dfcf415af91ba78e3812ccd0224327e07f81422cf48bf55eb5495dd81149428b14d63151186cfa0652a8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
101KB

MD5
ddb97bbcf5fa38a21ca440bf40b036f8

SHA1
ae04b4176bf9c1910f81158ae35d670bdd0782b4

SHA256
d691d5ef341662282f04787c52ef0391c9256a08607f77c20caf3082a8110ba8

SHA512
31ef51d06e2edfb113e0645097ae1b8e460090fd3f08c5f4e68d4d63c1079df44b7c77fc158182383c286e2ee362fd8bf8785e7301431f0707e535a6f033f7f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads