12b5443464d556c646716fe2be1f9d8000b3471ad179b4671e9a6c09bc95ccfb

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b32ad1c51aab44cc1542790a78011d0.exe
Size

90KB
MD5

1b32ad1c51aab44cc1542790a78011d0
SHA1

9397e89736acc549aa4a25a7c8d83408290cea47
SHA256

12b5443464d556c646716fe2be1f9d8000b3471ad179b4671e9a6c09bc95ccfb
SHA512

8f0f11c69052da00ad8a342e7739435d5d01ddf0c06229f71e58338680b39a4b27830f37a383df7f2004a70fd1de29659cf5f92a220b749e7c522994d8cd18c0
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQ27XQDT4r:69WpQE0zUzXZX7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3635) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\CopyShow.odp.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\settings.js.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	1b32ad1c51aab44cc1542790a78011d0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	1b32ad1c51aab44cc1542790a78011d0.exe

C:\Users\Admin\AppData\Local\Temp\1b32ad1c51aab44cc1542790a78011d0.exe
"C:\Users\Admin\AppData\Local\Temp\1b32ad1c51aab44cc1542790a78011d0.exe"
1⤵
- Drops file in Program Files directory
PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
90KB

MD5
58af64c91066aff8955d5cf0f09b5ab2

SHA1
0ec029f0666c0bcadb63af4dbde03e3ac4f77574

SHA256
9a73a448f0e9e95141190c352a177f42ae83671e40b331cf81cd3783bf53ac9c

SHA512
0a56d3b38582f84ef06920dece0d765997b6f523ad030442b72c5360746372c383366f7018f46e1f12b27d25129eeb8af24ad8b53f16ae30012d7b9daa3bca62

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
5e8924a7422093678556d32a79ba2596

SHA1
8b17dcdb8ff180cdd33eeb8ca4cac89883b16419

SHA256
9e5496a5b01ff6559a50c30cae355abcbc4b5b9cd38e8d523d284c2db7eeab21

SHA512
cfc2fdab84f8db0874614cecf5d9fbc2c534dc0a98b4330bd04d79d658bd7bbed000ea90a4538faede0b3d7469bc7a3b080a6c2f03db0e268e46f41f35a10bea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads