1197d6f368879f0ee41b13a8e12f0cd7d4c460b8b9a64128fbd42a831e500b57

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
Size

40KB
MD5

6cf9c6e2aca2b0f19b473b3489d45fd0
SHA1

da03d5544ab882f9f6f8d43ebc0cb84fe4482315
SHA256

1197d6f368879f0ee41b13a8e12f0cd7d4c460b8b9a64128fbd42a831e500b57
SHA512

feb27f14a327349df541193acbfdd424e12a914892cde2a976a05f8384c096f6fe472ffeaab3aff7143b5159d40c6c09d94ae03c55942a6c529624da11a94f47
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGwTCus7svdY:W7BlpppARFbhbt7Y7wTC8dY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\ConvertEdit.sql.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	6cf9c6e2aca2b0f19b473b3489d45fd0N.exe

C:\Users\Admin\AppData\Local\Temp\6cf9c6e2aca2b0f19b473b3489d45fd0N.exe
"C:\Users\Admin\AppData\Local\Temp\6cf9c6e2aca2b0f19b473b3489d45fd0N.exe"
1⤵
- Drops file in Program Files directory
PID:480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
40KB

MD5
de2cbc6965a7c3ff84d4bfbe40ffa79e

SHA1
1dfb35a27834f44ecbf68fd1f53447b753f8ca86

SHA256
224352673a275cadd80ef3d7ef0f81bb12fba02dbc0b7eeb07ce9b0bb36b6665

SHA512
d895d4b234a768eb40ea616a21a414b8e2510bad6f7b902af2574a62e96b403ec8d92aaf298040c527a7eaa79a59ba28f0f316e91693c99743e787cfed6231d1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
2e93c975bc20f72347219c12a1e9cda6

SHA1
492e5745d11f4992d5153721a04459f6ab3ac772

SHA256
1b8aa9c3c0289a189dac1eaef4bb95617d89add5bbb25664eafc75069d069d09

SHA512
5a96475aef15e86a9ea789d3cf1d55018a263481a7e3f444a358b991161ac60e5fdf1777fda9a85cf9edcac04b1c23adf4de166c4f3b1309cb9698afca18ba5b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads