965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
Size

72KB
MD5

ad23b53a5771a5bb95cd31ab7a108854
SHA1

f92d9cc8499a8da033ea0420418e45679bdb7477
SHA256

965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec
SHA512

282f4c0d62baecec1d835e3de27eab304b12b52dcc9677845951597655e95b204f26384295f720b1e8cc19d584e78ba4067f4c8dfcf4e5880c69adb1ff366548
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhXRFRo:W7ZDpApYbWjIoPyPoLzV7c6ShXRFRo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3581) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe

C:\Users\Admin\AppData\Local\Temp\965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe
"C:\Users\Admin\AppData\Local\Temp\965ade84a578160b864666f38e06761dd04ee3d84f9a791d6df647a4224c8fec.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
72KB

MD5
bd92ceec3ec26db7f90b91e90f8abf63

SHA1
84e2e0ea1de76a2afe9f91e387603291248efc46

SHA256
e22df03b885b50c968b368f693bcdafe3e6a0feec558467fd24e2063c56da8ec

SHA512
1ea6baa54bb88f155a8bb0a3996bed450c926a35b02e7bd46dc3fbf5a9082ca72a824701c532f949867e4e50626a8dfc6b89d1e45901653f55d4a00866e37dfa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
8dc2cd38cb6d0b64a16f579ae09acaa1

SHA1
5ed7a05e5693c59c95e5bbfb58b1a909aed77a4f

SHA256
12e1d0440e51dcf3ef8dae16662f181c0171cc26391a9d9ebfe98fa37d1680e1

SHA512
34bcd1e87fbbb19e7a16d5fd51cb78163ddbe091ded7f88e3135ba5dbf8ecb44d725a2fcb671a3afd8e8a0ea883607c0f1a3ebea9dedc960c26d41b49dd65abb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads