0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
Size

40KB
MD5

000c1c4a74451211fefed4b92f7b53cd
SHA1

9dbe6793f4fa442653a402f48a3d1c869bf94db0
SHA256

0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674
SHA512

0f1b708110ba84ad6c4d89ecdaa11cd3b53af7b8981044a1d59cde765fcb72d6bb563e3a7cd1a19bef20a5cf1ce39062ab7311cee8ca4255218e0e1cb9722c0b
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJQ444ZqO:W7ZppApWmjX4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3711) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Mail\wab.exe.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\settings.js.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe

C:\Users\Admin\AppData\Local\Temp\0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe
"C:\Users\Admin\AppData\Local\Temp\0b7f671bfa3170b3acc0ab48582c278d312ac8d84e05ef966cef60be41989674.exe"
1⤵
- Drops file in Program Files directory
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

Filesize
40KB

MD5
f102ed790aa20c769b3eaf1b5d6ea37c

SHA1
1e9292122beab767467acb1ec27f29fe4e7ec0fb

SHA256
60bb6fe66c4e625684204e22563c842a36ecefa3d20012e899fb8a7c98f2a84f

SHA512
49e74162fd67e62ff808f5f48e47e9490794b594666a663314238ddd7249e558d63e3099f20f4bf5b0a4496b9ea2b3e7a3890624561f98abf49a361c31eefb3d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
0ea67bc3f1bb298724b57e09e27cf0bf

SHA1
b2a56c741ac28bbe86965bc3141edc4c7dc600c3

SHA256
d6a825b71e8be9c267e943f9bbfcca960fe0fcd06198111527de3c20d9d9bfae

SHA512
d2a047caf9740f11d17788076ee4ab84316f887c651ccdbbae280be37d51d76217877fe718469ee9ba08325210ccfbc77e6f18fdca1ed87d3dc55cb2085ccf34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads