9922a3a8458951108277b3ef8d7bda28cc031685b8a8b19eafa5d815760c375f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b88b59cd568d45a4ffea087a28961d0N.exe
Size

70KB
MD5

2b88b59cd568d45a4ffea087a28961d0
SHA1

0d4ff4a864af7b4756e41de967f7cc5dc16c53ef
SHA256

9922a3a8458951108277b3ef8d7bda28cc031685b8a8b19eafa5d815760c375f
SHA512

88b32fb20e7a84a54846a7e85e33f029e07453aeb9c42edc3e157f4854730d8bdfffaee70f7e30c06a58944c2cafc7ae55a2df5e660991f55e648ad0af64f844
SSDEEP

768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8i1X:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5H

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3026) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	2b88b59cd568d45a4ffea087a28961d0N.exe

C:\Users\Admin\AppData\Local\Temp\2b88b59cd568d45a4ffea087a28961d0N.exe
"C:\Users\Admin\AppData\Local\Temp\2b88b59cd568d45a4ffea087a28961d0N.exe"
1⤵
- Drops file in Program Files directory
PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
70KB

MD5
ee0ce580231fa5eecb0a8c2de8378eea

SHA1
9c1ac3398479a28b39916bbe0e6222485a36513b

SHA256
56e7cfda882d56f8acf046e105e69d55a475ff51e0314831022c76d909e07d9b

SHA512
d30b7e98210c10d26535f0b3e855f13b86e85b1d8993c9ede2bd374d8b7594305f2cd61dc61b12d55f7ec71bce906b458a8dcfa088b23e0272c41517826f4490

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
dc0ae2ebaef026a5eb958e02d1ca39a5

SHA1
356151474fe974228d253a2fba0849e0cc46d41d

SHA256
2c771f64540a49c4883991e154dc4f2b955e178f72d60df0883aa9a9a53daefc

SHA512
0d1b74c19a15fd13c6b0bca72bb1edacb5a7245fd393ecc54debf6f54f8506a8147090600478fdd10a04d1d49e031149c397a96226bd30506a4ec4d88244e2dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads