258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
Size

56KB
MD5

af7b6ccb677e9a124ca796f621eab08c
SHA1

d64c75971558abba0ec4798dcc535d46aeac0a8d
SHA256

258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd
SHA512

aa310daf3f01c993f424fda7a3da51edc18d30b8233c3d6565b48c4e190b2d4ddceeb01d3e2639217c2b7ff8c5a83ae4301cc19c411e7087e59407833fb49760
SSDEEP

384:yBs7Br5xjL8AgA71FbhvhwMF1XxXEh+v8L1f13PQ:/7BlpQpARFbhtF1XxXEhk8U

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3882) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\EPSIMP32.FLT.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Windows Journal\fr-FR\MSPVWCTL.DLL.mui.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe

C:\Users\Admin\AppData\Local\Temp\258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe
"C:\Users\Admin\AppData\Local\Temp\258d131d68c36f0a8569f13dac2acb8bd1d507d13f8cd54e36b9ae190be8cedd.exe"
1⤵
- Drops file in Program Files directory
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
56KB

MD5
09baac6461c2a6fbd0e67c920dafbaac

SHA1
ad9fa44f1e6574f200fc9a44f4b7b91a82227ec1

SHA256
be045d4818108bcc89dc52cf7a2bfaa3c5c32b6091d7cd4f401095abe7ca5029

SHA512
19841655f222c1037567e7f0186b6f79877c3541bb9abff72d2372ab06c9e9c6a532957871cab3fb69624c5ce927833c3d3ef8510d700ef907650b2f40f3a9b7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
b6fd18838197e26980220ef63751235b

SHA1
78ffa625c9c1a209161b37eaad009ec687bc4d85

SHA256
c20a210e0d44a1b6d124ab6d24b817d8bd0600c7f5d6240af8a394b1d38edb93

SHA512
568cfe43bdac2fc3eaaefe1b1eba378c1df5b868f1e336ad6559c47e135ec99eff64a9c551598cfad8cd2064bdd46f73f0b1f12cecd000cbfc5ee61081bfdc70

Download Submit
memory/2088-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2088-668-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads