92f78fc0e4f38e1b7063486b910938f1c13e5f06427165228fed38af0d43786f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 22:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a992e57086ac6f521eeefbef3c42120N.exe
Size

39KB
MD5

1a992e57086ac6f521eeefbef3c42120
SHA1

1de366d471ed756bff7388a97cd168bc7c23e63b
SHA256

92f78fc0e4f38e1b7063486b910938f1c13e5f06427165228fed38af0d43786f
SHA512

b333c6570d221a75df47c8f53fc67e2e0a7b7ad5135e47effa1bd78eb5474c4544e5b81a84954d722f0e8e22961ba1c718f84c69b606aae02ea3567f6a39aec3
SSDEEP

768:W7BlpppARFbhjbhQYjYXoSQOKiJdpMO2iJWpbOmiJfoSQOKiJdpMO2iJWpbOmiJR:W7ZppApBeF8wF8eyKoIWbsHfySkT5Ge6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3852) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\vlc.mo.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\imjplm.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	1a992e57086ac6f521eeefbef3c42120N.exe

C:\Users\Admin\AppData\Local\Temp\1a992e57086ac6f521eeefbef3c42120N.exe
"C:\Users\Admin\AppData\Local\Temp\1a992e57086ac6f521eeefbef3c42120N.exe"
1⤵
- Drops file in Program Files directory
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
40KB

MD5
12d06f3de4fd3893a77f059e2223e462

SHA1
4452fdd26901bf58ba1282788ab016ccf61cf9db

SHA256
86aeffcb2917c8116d6ee33186a24772cdad580ce48a487d8828d35e5b334a2d

SHA512
7ad99a27667be7f817c5d37bea41a4f0bcd701ae3bd34fe34e6ce1603b6fab3bf3a044eb0530a63e6da99e7c53d6e0b89f92e70b26ba9e60fd03340dc71d7a22

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
a74ae2fc050c4919936387b7d11dc4fb

SHA1
2e1479e53d27ebf67246c338c209edfa92912cbd

SHA256
47bdd5ff660376cb8a199b846a3eb8747b0be1f803ac8242472becde809b8e98

SHA512
6451afa8b7a92c3c55208d366196cceb7203d9cc6a4071bfc56884a65b53f50304992c97487c7bdcd941fc825912f89b239f64c92d4d21fffcd3d696da87d1ef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads