12893aba8eba6932dd419f09430841d597f81f0381f505491886c98bf0dc2a60

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

062bcd68e3e168500bad91beb9e04670N.exe
Size

84KB
MD5

062bcd68e3e168500bad91beb9e04670
SHA1

43fbaa6bb493be663c0fa8329ac26c358ab6f211
SHA256

12893aba8eba6932dd419f09430841d597f81f0381f505491886c98bf0dc2a60
SHA512

829317a8f8756ea5299135e3316c900c2681c3da60809f174c7455b36d5c04fdc96ee8c519a5bd17af8a64a902e7e521cbc65fe439fba6397eaba0e096fb94ec
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhZEV:W7ZDpApYbWjIoPyPoLzV7c6ShZEV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	062bcd68e3e168500bad91beb9e04670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	062bcd68e3e168500bad91beb9e04670N.exe

C:\Users\Admin\AppData\Local\Temp\062bcd68e3e168500bad91beb9e04670N.exe
"C:\Users\Admin\AppData\Local\Temp\062bcd68e3e168500bad91beb9e04670N.exe"
1⤵
- Drops file in Program Files directory
PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
84KB

MD5
a7c1ceb2c0d6e9ded40dd30070a9c95b

SHA1
d531ff232e231236783fba9d2e7c4c8ff4006a99

SHA256
400cab1304d70bbaebf15f9e590fa6942cb35caddcdf72d1e94c7964e7fcf76f

SHA512
483deb48a8a473218ff60ff1b39fd1de98ad5a24a28034d534014c30a1052d37e968baae345912800c8efa1d8d8f643798e4698972b226c55501e8d979036930

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
30996db9506be8fee431cf25b1cd1ad8

SHA1
fd008c51677215546957fcbe3fb431d69379ab6c

SHA256
a4c2f25962946d44cbf7ed79bf17b2bf2c59ae749ec2332b62a81b7f63354ccb

SHA512
b726d99d5ffdf8d5b960105c3e94fa4c90cd63024dc1a819b85bfb11dc75cac164518fceac15dabc338dea46693966272182029291e2be884b5ac37cb1a9ba6f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads