6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 22:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
Size

81KB
MD5

5fe7a88d0283fd1176fab2e74af0f55d
SHA1

dfe90cda8c74ce0c8a907e739b1e657d5d292719
SHA256

6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24
SHA512

762210a85515f25a0398d924a4047ce8d9918efcdce25ebfa6133bdbab06eae70a3bb2dfa5288ca25b69eb25aade3571982c554d596e350cd5d5d96ace994a69
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69YUpCUppXxXz:6e7WpP9oVLQthbYY9oVLQthbUrt7t5mA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3644) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\localizedStrings.js.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe

C:\Users\Admin\AppData\Local\Temp\6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe
"C:\Users\Admin\AppData\Local\Temp\6f140939a2b3cf990ef533d63549292225e18181fc044ad5f63bd74b14907a24.exe"
1⤵
- Drops file in Program Files directory
PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
81KB

MD5
6c7750f93ea7452b17f98cba46f1cd31

SHA1
091b63ac23ce03d8def3557cbb2acb401bba6437

SHA256
a9be1dc178779b1cba6bbc3e7aa994caa91a8ee3fb1bce58052ffa3c886426d0

SHA512
255c10d039fa5a123f05b4d4e0d6b340640f3e5dac2da739a3fa20a323a71b8dd4eebc533465ae6f6f0f0cdf6da771c751edddc47024a983b99b84196d212549

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
cd96cc41a4260269ba86887af25d4f67

SHA1
29dfcba0e13a2b525abfb0cadbe128e2853ea592

SHA256
4e7039611a06caf58c11c7ec8b5fcb18657bfe99cbf58b07bbb22d0fb28a431f

SHA512
2c75df739f9ef26c1f40bfb5da597fc6f8282482e0453f245657a2b648aa9c1496b26fcde6c0ee09d8562f36ad486f4ffcd1b5066f010b8c808bbc92a80bd2bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads