f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
Size

100KB
MD5

97d77e0e20fa8650505cdeddc7a4b64d
SHA1

5f591830cae000c936fd0f6af34b14549b4bdfb9
SHA256

f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe
SHA512

09cf0727c88a541b1becd7b4854298a888da89bced6596f94cfee297e4c53bced558cac9d31fd1333e413bbe77f8f519b46edcda458ac5f0e4aa1a340e7561d7
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXai/Uj/Uz:RqKvb0CYJ973e+eKZ0V9/Uj/Uz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\settings.js.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.log.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\settings.js.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe

C:\Users\Admin\AppData\Local\Temp\f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe
"C:\Users\Admin\AppData\Local\Temp\f6a93b16db7923fad917864ccaa3a7856e915a601ff208df47bfe6af2d03a3fe.exe"
1⤵
- Drops file in Program Files directory
PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
100KB

MD5
43df61fe375127b9de777768a35e4994

SHA1
990b929f95f13e7d04eac0ef7d96b05ed4dea077

SHA256
1fa7c0c5af2d1b1679715f5280e8f1f949cccc72f7762981d6aa1f3cd8eab7d5

SHA512
ea6c5fcf5aa8d2a8cba7877b6bef8c9d2e6e692ecc4bb9d0f683455e9b3441d86bef734db1b345cec886d5e7a1fcfa3a3d8321f8f19f3883fa03d862f6c89c82

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
2b4f47410306e10cd61aab2a39d7e1b1

SHA1
5538566e84de0a5458d2753f636382d471693e4b

SHA256
a906a877c8af3c4f70be34c1df9354e825b7fb20aa1a683671faee2ed0d4b36f

SHA512
3d2b8fd24eca6047c0a184b38c30007a26b9d8e3a985e0b299559188ea827ecd573ae9b2311d4134f970544f531c35890b89c264703929428cde2c6d8dd80ab9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads