2e5a683f4dcc9f7e042db8a2acae7c2273ead0952475e8c28cb917b1a41b4e71

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

520966323916076c31fcaf7c467d9540N.exe
Size

66KB
MD5

520966323916076c31fcaf7c467d9540
SHA1

ecdd6952e66fcef3772ed218e752a20b7e67df35
SHA256

2e5a683f4dcc9f7e042db8a2acae7c2273ead0952475e8c28cb917b1a41b4e71
SHA512

63fffd87125ddbfee47e5e78201569c2e930fe409b701085bd8a60ccb5be345d611edd381f9bfd1dab352f3eda3a4199548626236a62c386bb86808951cf9b8f
SSDEEP

768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8MuBotHD+:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5Kc8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2967) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	520966323916076c31fcaf7c467d9540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	520966323916076c31fcaf7c467d9540N.exe

C:\Users\Admin\AppData\Local\Temp\520966323916076c31fcaf7c467d9540N.exe
"C:\Users\Admin\AppData\Local\Temp\520966323916076c31fcaf7c467d9540N.exe"
1⤵
- Drops file in Program Files directory
PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp

Filesize
66KB

MD5
cc7b89d6ae92305d3f01f63141bcd456

SHA1
0dc5b7bb37d25225f093962a8d3adaeab83f96f3

SHA256
62a8f74fdf8b209bafec56ee9c41e48775f527573e8143fea865f3b784cb4020

SHA512
5c0d971444ca0835b0fde125080f998603fd2571a6509c5382d9bcd3afa99a70a9ffae804d26029f6365df6bd35bb0ea320e03714fb7adec01c23269a4136b84

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
bcad41b7821f69149d410b54131c0c43

SHA1
90eef9afedfc892427d47502a94d10ed14a8e7f6

SHA256
bb0d0d159a15834035f0c6d42a784ce9616be577f4c1e7f587fe24b388fbdc78

SHA512
c7bcbfa88a78cfcfde62a63f4275aa2be86b07887b1bf6d94c83ed46f2400f2545a2aa8b5d2e6a9e907795ef20bab612f644f073f5b6b2592745cd626a7e9e9b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads