141aff2a8f38da1abd726bccdb75f359969386fcf0f2a697c6fdfc4416ae03f1

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e93f849f45c992f27956193f4b095f0N.exe
Size

83KB
MD5

4e93f849f45c992f27956193f4b095f0
SHA1

5e7a349020b1084a1771eeaa6c5436805d74df8e
SHA256

141aff2a8f38da1abd726bccdb75f359969386fcf0f2a697c6fdfc4416ae03f1
SHA512

6f7b4608503540433aa783c9ccf9f3c845aa24910084e78d01d5adf62d093eaa2d85efb3358cd4b6bb19d0351a5a41deb05cf21d11f0789f99f62f9eac86c0e0
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggJ7L:69WpQE0zxgZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	4e93f849f45c992f27956193f4b095f0N.exe

C:\Users\Admin\AppData\Local\Temp\4e93f849f45c992f27956193f4b095f0N.exe
"C:\Users\Admin\AppData\Local\Temp\4e93f849f45c992f27956193f4b095f0N.exe"
1⤵
- Drops file in Program Files directory
PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
83KB

MD5
338bf3e9316fac82694f9e4782a6e265

SHA1
9fb5b317aca8f968c327769c933fe96b83b9c8e8

SHA256
a14229bd4bccdc8e32b37ee529a3c8a6e2f2686dd08a15c42e3440531b783ddb

SHA512
1f90fb30870acc89645ac5328f76a0e4879e0a7d6999f2ad16369ee5f54035dcf4cec226fa157715a7078651095f71035d3b9d67550f1c22f73e275feee07811

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
636509b423e60e5996db8b189c42a2d0

SHA1
782476b7bedfba537984a03e794aee2360407ac7

SHA256
29c975912661cfb2f039a0a77a7cf2795817d1f18070a74eb6579b19fc94243e

SHA512
053159a4b8676812bbdfc2bbbc87912f6a22330eca88c2090f560d3e42436804d927b42fc4c91d3d46ba1cbd1ccd82799db5b81e73845231ef3162a45790e618

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads