71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
Size

35KB
MD5

2d45cd4aa36d77578c310e99535ae74a
SHA1

63c51c6a5f459626a11da0fa30d617f7f331261c
SHA256

71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54
SHA512

48f938a89789f7237945f8702a7834a274e36618ac80a3c6a9513a429d15a21a768204bb7dfefb9e806c67cf1c0341cc75cbcbd522b8053520317538a23224e2
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQFQZUDqo8Wb3Dqo8Wb+:W7BlpppARFbhHFQZYr8WbTr8Wb+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3709) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\weather.html.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp	71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe

C:\Users\Admin\AppData\Local\Temp\71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe
"C:\Users\Admin\AppData\Local\Temp\71a21aa06b469a78e9304727da7bf7878f44b728a85dc82d782abaf0a71a7a54.exe"
1⤵
- Drops file in Program Files directory
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
35KB

MD5
3a9196f2451e9b743fc32424b919f76b

SHA1
9dda1394f66ffd8bf8ceb1cdf321ffa1a67a3a5e

SHA256
afeed8a10da0417a8dd8ab9f3dc4b80b46492a2c43e0f2c110369e2f8cc9328f

SHA512
fea1131aca142f36c16db85d9f09dd63abbe0c407f470721e26f79cee100d01d29c2fa6bd5f92befd63c38ede87cd2910ecec9d3943b524d22624a58991a7da5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
44KB

MD5
18e89e48e520c1d458813624aa6fc072

SHA1
e2dc140f0891899af69f9d73371facf5655d3daf

SHA256
2f50e6e3ef80a876ea3e5966ba77b4e71461a24d3fc114fc47b5a82a67ad62b1

SHA512
95b4cacd42036316956412d639cb8c46c387d454d5860645d1f4a311894f297e6a56c3d767d3eedcc6f2b11145f2ae0c7f4b0b5a45cf44272a64fb8701fdc0ef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads