acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
Size

84KB
MD5

9fc27a2726b4ff599f5bdec8e920a9ae
SHA1

bc88b9b575b7a37edecb30355190c4a1ebf5acd0
SHA256

acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb
SHA512

2b5775738e6f4ca2f1d2581db83c7e2f994e9ac365f04146fca394df6db82b18d501c0e0d6621e3c0695f81a1613af8e7fa4c5cce279d9b3fe4b0cc4e1923e41
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSd:6e7WpP9oVLQthbYY9oVLQthbUvO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3506) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRdIF.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe

C:\Users\Admin\AppData\Local\Temp\acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe
"C:\Users\Admin\AppData\Local\Temp\acd40aaf13058b8f108a1160d9c25aabcf502a31d738fdde0d62918badfc2aeb.exe"
1⤵
- Drops file in Program Files directory
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
85KB

MD5
4bdab902bd377d9e89862a974ad2d85a

SHA1
43e667b20ea2b82440e1a900d72365110004cdec

SHA256
cd4e494792919a52eebc0cb4f985356bd25dc092a34fb1ccfdbfcc8912704ee0

SHA512
f96014dc6b85940d81c0e4735b6a3fbc63e6e688de75cbc0b5339ce5f4aa5ae57db6714d0a4e24933cfe66c00a756aa5a4e5ffcfc25065d894d7456fc3d0cc1d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
dbfb9917a163db46fc5f1fb2ccf4bf4a

SHA1
a78a6362d62e93aa5b5b8206c48357362602abd5

SHA256
d8ec680349dbd4eac47f8d3b8dce287c0a99038379cb2833bcff5883de02beaa

SHA512
b074376355c47cbc84e75dd3c2e9434cf773a811676ea1eee5d94e23c133f42db3fe01854e9767138bcf276d97bf2467ddda515230716be2aeea8cab7dac3c80

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads