609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 22:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
Size

45KB
MD5

3e404e26b7756ba2e73f204ce2106614
SHA1

258732b94d5d2cff8d8d7483105f532f6824654f
SHA256

609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361
SHA512

f9f7e58e6c7b2d5d2709afad35b0a35b922d1a57accef2be5e16bcf17f50ede47252154919db6b293d71ccc2cdf0b82dfe755fd83ac2f2ff43998bfe2d0a85fa
SSDEEP

768:W7BlpppARFbhFANJKaJKDhZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNk+AhZ/D5zA:W7ZppApoJKaJKlZ/D5zf6ydyf+abMkFP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3701) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\ExitWatch.3gp2.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre7\release.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\UnlockFormat.txt.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe

C:\Users\Admin\AppData\Local\Temp\609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe
"C:\Users\Admin\AppData\Local\Temp\609097d13ac71736a76d9781140606931c56bf5c5639b932fe6d9ca92c3a6361.exe"
1⤵
- Drops file in Program Files directory
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
45KB

MD5
d8e9d70cf74713d23c82ab4a44b32685

SHA1
3975861473294eb40e81ab33551c91427ee8e61e

SHA256
0b4f663c73590c4e63ee89c5e55b4f6ca76277878418d5c3f3aa39bd345caf09

SHA512
063880e549bf78bace8262b6964639279ceaf4e5892e5ad0df9f2f661091ecf188649c0ba38621d77f324557edc18d6434e727ddb1d9e199631362f47e47cb9f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
4a65c75ee1680aad2786345b599dbf53

SHA1
362d3f1ed804572f467dd587a8a425fee1f7ec1c

SHA256
95e1656a722613efa7c844356fb082f226d012b3272fcfb8596ad7e11ab3bb93

SHA512
72385b81d9d5a2ff7fd3aa238ec2bf46c2aeabc6931028554f4128b16f79743c19ea8e51c2e9e1220dea272929c2b66245f61c998379c437f8243a294c918c12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads