9010e9ec3e80838743afcba0e6298f996f877140849b9db1ff02c5e01312ea9c

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

146e49b8cb36ca71e82eccabe3521da0N.exe
Size

39KB
MD5

146e49b8cb36ca71e82eccabe3521da0
SHA1

cf523680274896cba8bbe8a8e17e40d65002f4ea
SHA256

9010e9ec3e80838743afcba0e6298f996f877140849b9db1ff02c5e01312ea9c
SHA512

8369a9a526fb238e76179a7b3d3ee98c4a3dfb62fa65f1c7abec565d44f2c8cf432d41e184b504622310c17b869860a74db37fbb2d55db4f9bbedbdd6d65e768
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BVu:/7ZQpApmiu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3851) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\SETUP.XML.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODDBS.DLL.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.CGM.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\gadget.xml.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	146e49b8cb36ca71e82eccabe3521da0N.exe

C:\Users\Admin\AppData\Local\Temp\146e49b8cb36ca71e82eccabe3521da0N.exe
"C:\Users\Admin\AppData\Local\Temp\146e49b8cb36ca71e82eccabe3521da0N.exe"
1⤵
- Drops file in Program Files directory
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
39KB

MD5
7418ba964dd380a755e8d8652b55f2e9

SHA1
cac903ba90f9c84ff505ce6dc072707169bbcb07

SHA256
10070bec97d0bd25d0b87b677702d70b34519ad3fe1639e4b2a81586e9a6ea86

SHA512
7720e68deb3a6790d600206d1332be23a9294dc896b187f4540ac1a6867248165a719baf5346ec450d661ebf1e6a5dd2b0429abc022a9cd5cb37559de7c2b053

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
0e99a0f678fa6a3be16edbe8ea47d8f6

SHA1
17bc6e39cfca396719b7b968c5fab4ba7187c146

SHA256
7aee5be9d46eca8e821eea5e9cadad4d1114eec8dff6fd7042e568797dcb7e30

SHA512
d6a44b5fc4801f905e47270e26a7a96676dd7e1071675c78b0a82a75fa6340bdd8b21007f3a285369b7560e3c7b9d679c918c13f0213e5aff9ff5bdcf44a437f

Download Submit
memory/2556-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2556-664-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads