04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
Size

36KB
MD5

d0f580f6a74ac2b78525790d11a757a3
SHA1

6892f38e99e3c349e3ff922bc3bff0d9fe6b3746
SHA256

04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77
SHA512

548840f333d7af1e802bfa5c7709545d63cb5857a4781f1b284ee16db34610e8b49b3f50dcd6943e2939eab86c2e3ad4516d7169cb58f0453ef3c40e19089599
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBpR42L5FgAytBpyiAi2:W7BlpppARFbhjbhg42LcfpR42LcfpQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4088) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\IRIS.INF.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe

C:\Users\Admin\AppData\Local\Temp\04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe
"C:\Users\Admin\AppData\Local\Temp\04b9149266df61109df391fd2ce911100b88656899f5e44abef9b59b7a5f7d77.exe"
1⤵
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
36KB

MD5
4ea7942dc6f6934aa464ef5c76e50f0d

SHA1
88be7e530a5d48c07c0447ac3d8642053e11967e

SHA256
0bf83f1e797df3246a1301cf610a448a4f2887df45fd4b42d45f9f1ecdc5b12e

SHA512
22bd8834b2adbcaae583558f5ac2243f01bd96411f9cf2f2a4afac2225e93c42c34c4139080f57400d6c2a5163607ef305c8f84b3a639c2795bfa35dffed6713

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
2966b0ffab792d79733f00651e1d2657

SHA1
4a439d4a40d6efd90fbab3889ee491f78c708d97

SHA256
85278b4f47e0ead57f69697e1eb0968091874f6ecead3338be05683da95f83e4

SHA512
35ef8eaa40c5e3b3452f5c8fcbb373539d04aacb2a1d99f377242b0756dc343d9c2be6b91ee8aaeda2c2c018e13fb3843335e789c46f4eba9e9ab3d204bbf3a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads