d70f4042e200fb4439effc4809c2374dca3f896e2a4c6c28d2b1659f01ce113e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 04:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
Size

57KB
MD5

41a91e8b0d16b3ba76bc4bbfcdbaf5d0
SHA1

00a37dd93b32a73915e51edff09646fda0ad219a
SHA256

d70f4042e200fb4439effc4809c2374dca3f896e2a4c6c28d2b1659f01ce113e
SHA512

f642f060c8f799fa9431ef2692f162f7bcc6219c6eb7310dadc93e1553593813cf4c2e4f58d0027fead92aae0313ae9d1edea5c1be183a52feecf27d3131db5a
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJ3LnmJARJA3WzWiXxX2oV0OiJfoV0OiJ0o4oM:W7ZppApwEwnmJARJAaXxXHJAHM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3639) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ahclient.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer.tmp	41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe

C:\Users\Admin\AppData\Local\Temp\41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe
"C:\Users\Admin\AppData\Local\Temp\41a91e8b0d16b3ba76bc4bbfcdbaf5d0N.exe"
1⤵
- Drops file in Program Files directory
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
57KB

MD5
c3c8aa8b83daec446ceb518645b5100d

SHA1
108b03eecbf210476e917db597017ccc763c60ef

SHA256
298e2c5f1717413e3f4e81de1388465dcb4b07a889125f3d6d99350bd807f248

SHA512
be88b62458221ae02893ebaeb65326874591d4ad5011e4e5017e5fa564d155a98d507916d7d2cdee9fa3991fdf01fab92e1c857de496ff83855f7659a082adcd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
84f3d135b0db98bc8768788b16a0d50c

SHA1
f25cda83bd829ea09d84e4423ad07def9abf8b32

SHA256
7913618e3875aa7dac1627ae2ae022ba31fd219092096e99b82bf5e26b48598e

SHA512
0ae65360fe20e80a8eecb7a7ab5319a8d4f19fdb9a7235a6ea3de742665a4625be6336f0787986f61681e8a0e5e09f91f4d557bca9578f1983c739d626377394

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads