135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
Size

81KB
MD5

a7e8932a9c673a7cdc4065b7a7e28bf0
SHA1

ac0a9134d407e94781cf8fe310ef3d0441ff73b9
SHA256

135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167
SHA512

2d25eff026bed586888c4a4a020a9c8f7b2ee3e5899c7cbb1db38230bac6e6f8964d92493cc8f142b9fde6d4078a03868f8a0fb988fa9ec27aec15fe37138870
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh+:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe

C:\Users\Admin\AppData\Local\Temp\135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe
"C:\Users\Admin\AppData\Local\Temp\135de09e575367debebb1651112081a4a36c2265d95af9b0924f6e51f758b167.exe"
1⤵
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
81KB

MD5
410f8bc9e2578ca70f90c0d3660e5a4b

SHA1
771407a8a81cdc063ed6aecfdb95902008fe3b9e

SHA256
85dcac453e38fba173d1e9a3c8afafe5f41eaa93a691bec9dbb3a2ccf8739b4d

SHA512
c4d493f7b7889b734b51cbedc5bbb3e441fcec79a2e03da543006431ba6dbc968d401940509eee9c8029c380d0b4bf008f0371b0220f2281e2bde381f9189d1a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
099803d73c1b1bfbd2e41494bb6ccb7f

SHA1
3770c4fdc57b5a807c91728e59b983b133c92d55

SHA256
1cfe92a5e6febbbc7afea6584877456064a8e7620a560bab7f71650b58603eca

SHA512
00142ce938d7ba061bb0ffdbb644b819f02d42d5a7cee410504f19f65fd162e5c3d6882314f7c114cfed5e015bc6e9edcdcda09b311527900930685893bf4e42

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads