f3e372f7cb0a694e80bbc7779e1e271e1eee392b9b9744581c0f24764f8662aa

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efcae1e50e0219a933131ad59f331020N.exe
Size

61KB
MD5

efcae1e50e0219a933131ad59f331020
SHA1

ce31c900d916c34921b8ccb3ae72f571b8b1aa61
SHA256

f3e372f7cb0a694e80bbc7779e1e271e1eee392b9b9744581c0f24764f8662aa
SHA512

b547c985d5ac7f7aeca61b5e7539df178887e19b333ac203fc426ce60ce428a212db99d2b19551af6c9b21b4be408b4ba18b65cd646da1a672a3612fd4c2b6a2
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22v55XZUuyfk4/KJeV4YqGUuyfk4/KJeV4K:yBs7Br5xjL8AgA71FbhvJUfWGUfZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3080) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	efcae1e50e0219a933131ad59f331020N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	efcae1e50e0219a933131ad59f331020N.exe

C:\Users\Admin\AppData\Local\Temp\efcae1e50e0219a933131ad59f331020N.exe
"C:\Users\Admin\AppData\Local\Temp\efcae1e50e0219a933131ad59f331020N.exe"
1⤵
- Drops file in Program Files directory
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
61KB

MD5
7e343353d678c6a09a25fd81bd709023

SHA1
9c021be748893bfa6717618e413e9efbbcc2df10

SHA256
8259cdf28f85d789841137b3ce68d474b04c6e4a6d3d0de93ce8decdb83bbf90

SHA512
ac57f506c65422a31d064f15aaf206a0e79dc72a0fe0a1797ae4e6752e23882be8ae3419c282b15f39efdc72f58a365404781e6a45455f7c7353fcb18e9462ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
70KB

MD5
a5b1df6e79e42b720d7c26fd7856ecfe

SHA1
398cec403496eeaad6b7e6fd1cc5fa8d4f832a31

SHA256
1ebaf9dbf5b8d27687ff5d37abe0ee247cc900d84120409eafaaf6dca3113eae

SHA512
e16e5afa6057ee114d1a0ddffd3b98897deafeb814ff4b3c5c667613d5e6bbb7c360bf14c7a3098dafe18d4e79acdd75d50dcf477a0fdf73545aa799df2aca58

Download Submit
memory/2232-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2232-646-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads