f2ab59a9e3b315ec7a47ead8f1d769fe56abed204df393f4d3577a6fd75e3ae3

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2048fb44555e2ea8622ca163315e8590N.exe
Size

68KB
MD5

2048fb44555e2ea8622ca163315e8590
SHA1

2a6412e977dc5eec2943bd71a036651247d6725c
SHA256

f2ab59a9e3b315ec7a47ead8f1d769fe56abed204df393f4d3577a6fd75e3ae3
SHA512

fda870ad95bf2afce33eb2266b1be0d7dcf8f146a345d7fa7eb8e9a1b18570738947d4282391bbcfb10df1aa62955355512f6ce645700452381051898459f19f
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfZe/HtT8lNvqe/HtT8lNvO:/7BlpQpARFbhiWbb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2856) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\ConvertFromResolve.rmi.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	2048fb44555e2ea8622ca163315e8590N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	2048fb44555e2ea8622ca163315e8590N.exe

C:\Users\Admin\AppData\Local\Temp\2048fb44555e2ea8622ca163315e8590N.exe
"C:\Users\Admin\AppData\Local\Temp\2048fb44555e2ea8622ca163315e8590N.exe"
1⤵
- Drops file in Program Files directory
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
69KB

MD5
3f6e0905aea350e8e18a8a823fc0ada3

SHA1
1fe9131accd47e9342114f9c2624aeaf6450dbf6

SHA256
5bd1e8b64f208f267980fc343595117f16c0d8006c66404eb83cbb8ca7cb9cf8

SHA512
fd78b7e2dcbc158701719d5ad4f14ce44cee7b965d9897a42daa644ca3e894a4dbb216564dcc72fe1f4cd69a3b65c1a63415c6f5d5958e24b36ef59349b4e734

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
4f8f9e04a3fbb01c839671aab45ca356

SHA1
58c465d202694b7239f605cebdb35f0ba26e1002

SHA256
a153295c9108d20d9a811eb236858093d64aaacad2882750e9c29b5bdf7c7535

SHA512
da02f78e54a4e0b7514d90059a2443ab7efcb170094f5c413642f85eed5a503e31f0ef6e9b0ebf76c5109c62df7016e1f010549d6a7d948f1392454f2ccfcae0

Download Submit
memory/2028-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2028-536-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads