976751931b965dab356c4e39c6d17d599dbfa74d35918c6be45ad36126ea2f83

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
Size

83KB
MD5

1cdec23ac9cf9e9ee5fb1eb76cdfcf20
SHA1

f9aa71561301b7929a71766820ecc97d78b3de51
SHA256

976751931b965dab356c4e39c6d17d599dbfa74d35918c6be45ad36126ea2f83
SHA512

5652a946db937b8aca9d973f9b2ecb6b981dc1c9a93fd462aad61e018987a9c07c3db8016e006da7e20bd785394404acd2b856ba5cdf7f5519f154daf348dd6e
SSDEEP

768:/7BlpQpARFbhWGUKBb4JxobNH3bG3bnEXBwzEXBwi:/7ZQpAp+KBpbNX4S

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe

C:\Users\Admin\AppData\Local\Temp\1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe
"C:\Users\Admin\AppData\Local\Temp\1cdec23ac9cf9e9ee5fb1eb76cdfcf20N.exe"
1⤵
- Drops file in Program Files directory
PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp

Filesize
83KB

MD5
8f5b207958ab50a7224f090ddcfa3278

SHA1
4893e57753a3806fc32613e61031aa0f1a500644

SHA256
145de5093d6a8370fd99ac938f6ecf7db63419dc8a24577e001d86e3ae39d018

SHA512
b8048e47ab15f2d62641fbf996f7c66dc38a652fafabbaf43171cc245c76443e64355d5f7cf1c9407ef8dd1291315bfbf22bca10053421f6c2058cea35ccf051

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
ee66c0e60d87b9cfbfb8e98a08a35b09

SHA1
2b1319f4f66b819f79d6f39598293474c8459457

SHA256
848582f66b62418aba219f4e2a893b70b9bd95ea4300b31aac69e33f09424df4

SHA512
bf6dfab5abb9943d6541f5488f2dc24e60e412ff7133f9a284b30123ed8f1e17f07315ed6994b3bc4d797a05948d115b944be0d128d9e2cb7b5a4945286139f2

Download Submit
memory/2648-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2648-658-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads