5422eb6515269a8cc49a0372163ca6ca294cd1d5fe4bcc229c3866166bcd14ba

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94b4757c6c1908051bdf8e33eab24b90N.exe
Size

78KB
MD5

94b4757c6c1908051bdf8e33eab24b90
SHA1

8c52e23936099b937119415b9213ea79bc38a61d
SHA256

5422eb6515269a8cc49a0372163ca6ca294cd1d5fe4bcc229c3866166bcd14ba
SHA512

6b23b8a0cf6cbb43fabfb97399c6e73e5a59c0afb503c416cc3bf69309e9317172c3f1ad1864c33b934592d90c0629419c91fb979f7219a4b126f7d097df5679
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh3:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3180) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	94b4757c6c1908051bdf8e33eab24b90N.exe

C:\Users\Admin\AppData\Local\Temp\94b4757c6c1908051bdf8e33eab24b90N.exe
"C:\Users\Admin\AppData\Local\Temp\94b4757c6c1908051bdf8e33eab24b90N.exe"
1⤵
- Drops file in Program Files directory
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
79KB

MD5
a741fc3ad0c3924827dc2f201f1924e8

SHA1
2f21a4371b067fd8c612de37565a38eb92e74510

SHA256
09138cf85466e24da73584cdb4810dee379b898f9a0bfb5e6d30d07bef677e57

SHA512
f536e52a538a25bf15e0f739d926538da68dc6a91e220f7ade9df782cd367e64f5ffc7c7132da7624765c1eb4791fb428dceba2a9b179b1afaea0f01b7a7c3fd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
43887e9e6c071eaf837ada90ae02d3f2

SHA1
3da663dab045d4fffa995de4f43e194d6bf4324d

SHA256
7f6323856c7b85ee04c0fcbcd86232b924133fe3995e0a81897c15838e835c46

SHA512
de8890d93165903c97e555f993a0466ee8604e9162f3a214ba0c3c13496cf2bda7c52251b3c10509f948da26798daabf33d96570fd4f9260e1a2288df53766bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads