bc7d45717d0e6776a821f9b6008602eea477cbe6b5f983fecbb61834faf4a24e

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 00:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

291708d6d9daca0e1d7f5cf81fb8c550N.exe
Size

102KB
MD5

291708d6d9daca0e1d7f5cf81fb8c550
SHA1

4c3abb73641d7c665d4ff90f9ab0ca5963926ece
SHA256

bc7d45717d0e6776a821f9b6008602eea477cbe6b5f983fecbb61834faf4a24e
SHA512

890dc930391e8911860821a32854a2d9c9d5316f25febbbc0c4e1322fb845e662ff63f7b9f071fc1085fe01cad89e564cd030dfa54dc1a5c6777f56474c54955
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBp:PqFF2Ie+effy3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2918) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	291708d6d9daca0e1d7f5cf81fb8c550N.exe

C:\Users\Admin\AppData\Local\Temp\291708d6d9daca0e1d7f5cf81fb8c550N.exe
"C:\Users\Admin\AppData\Local\Temp\291708d6d9daca0e1d7f5cf81fb8c550N.exe"
1⤵
- Drops file in Program Files directory
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
103KB

MD5
f99d27c21d17b84b5082d75e8ef64ed4

SHA1
27290ab2c66060280c33417905c44ab6f7aaa133

SHA256
2f4139a0b2481490a6ae0720a2ca5089af3c11aedab8b7cac4bfa941263e1ce1

SHA512
20ebee9282f9faff4e5bacee1ca1d6e59fe9cafc4f76ac0b71526db1cd6af7499ea04d2408f7f1fd053225a6df10911b3052037e2290f39c33f07c202761e670

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
deef7e5ce50252b99fff90485d239ec8

SHA1
1234ddebea7369da28c7b6a22249d7d1c5939c35

SHA256
284d1f6acc468fdf73a03d76a927bf3910b289daebedc02dc97a2295259d08a2

SHA512
7408a7dfa41789b808a7f2bdbaf7254b002976b62de94212f9ed5f0dcc8a2b338a6e14ce2fa4c822a8dd478486f3814e330eb17cc6cc82563a90745c28338c97

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads