e9ea5d8a6c8c2bd9b36eb4e3f75830bd85a28432351937e77988146aeb1940ca

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49e91654854f7d37927694f2f0e45860.exe
Size

41KB
MD5

49e91654854f7d37927694f2f0e45860
SHA1

d46acf109330c02c1aa09b8e82e0e70913e3e05c
SHA256

e9ea5d8a6c8c2bd9b36eb4e3f75830bd85a28432351937e77988146aeb1940ca
SHA512

5bbf3228c171b758c155c8846d46d32d6cdd89e309306938387b807578b495bb0c63fb8ac9088213b90cee68fa333738db561644e334291472ad0fdd44b57485
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0m+AbJIaAjJ8+AbJIaAjJU:W7ZppApBULcfpHLcfpX2/Nw/Nw4/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (991) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	49e91654854f7d37927694f2f0e45860.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	49e91654854f7d37927694f2f0e45860.exe

C:\Users\Admin\AppData\Local\Temp\49e91654854f7d37927694f2f0e45860.exe
"C:\Users\Admin\AppData\Local\Temp\49e91654854f7d37927694f2f0e45860.exe"
1⤵
- Drops file in Program Files directory
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
41KB

MD5
4af069b939a3eba59164873e5ce22388

SHA1
6dec9105031581e066dad7e82a7d926607c1b247

SHA256
4a5c7e0ac8ac6af1a8e247ea97136e1d1dfc4595ddf03b49dab2750b1efc42c7

SHA512
e0a14091d6ebd48f326b6c22f6a616699a6e45e91c3a548d50db10b8075295c766fc8859d4253ad99bed691f4365f6b2e5b9e71472d4a6151c638923b02c3a43

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
50b79060ead7f9411c3280172730d584

SHA1
14cf6005bd46bd81ebd1229b88f1baec513bb6e4

SHA256
8493501974e9de11416546ec51a17a5bc583017dce76a377f430a92fa704b6ca

SHA512
c44f3ef6afe6c15545f9777edaa1b2ab443484a731642ea4cf6571b55a80c1916619ebe865c332768f70fdcd744df3688404a855ab03a66c1bf398f7aace66a2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads