fa1d4195958aa32bd9ef4af0555c18e4b9c1c7758cedc7a837d745e23a167a66

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 02:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
Size

68KB
MD5

60a362e8e3a0a42ccd8f9e5f3fc990c0
SHA1

40d83d05a01a028aaf25fb7a483d23ceec7e6497
SHA256

fa1d4195958aa32bd9ef4af0555c18e4b9c1c7758cedc7a837d745e23a167a66
SHA512

f40decf43d9e2fae1055452e5dd934aedde52a77fe32c23f9ebd66cfdb9f923271b8b809baa4501b2f3d295eacaace659d57e6d54dcf47ac8049ea8fc5aebee3
SSDEEP

768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8WWF:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5W

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3137) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe

C:\Users\Admin\AppData\Local\Temp\60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe
"C:\Users\Admin\AppData\Local\Temp\60a362e8e3a0a42ccd8f9e5f3fc990c0N.exe"
1⤵
- Drops file in Program Files directory
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
68KB

MD5
1e45a5316bfc1f1a8eb994bc74845f66

SHA1
4ebf3605387e390bc6e4058922706d58ba304bea

SHA256
5722685da0d98ed6937ceb0dcaaf3c4be14e7d128dd0b47e0733b4d9a6762567

SHA512
13db2c4e2e966a242806c4b1574eea4e9d977b2eb43cfdb2c70440e48bacad23943a94d91c8bb99ad06409ad6533f8067cd5bae3dc1d3da48f84bd0613e0d752

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
e5564a06dac4b0554a63a13f3b6bb6de

SHA1
6c8ac60d6dd02c0963ebbeb1d5ad562ed80f9dfa

SHA256
dc0747f2ad395da35d60a790f1088b6208ed41d975d6b984cea0243cef5947a0

SHA512
c048f5054a961486344b20f3c3548e5f194fb526cf7af113aa1a7e433af750801a7a9447dc1b78bd1b429026960bb32dda18f889ebc177b602a4fdb818e86db4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads