955a552821389bb9f1e30e53eaf488f77478d2c28f61531b984e2449dcb55ad6

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4aa8ccfb780be749d51f76e832bfcf40N.exe
Size

65KB
MD5

4aa8ccfb780be749d51f76e832bfcf40
SHA1

47a753d1ae0f4229b1e337ba72bae92914201081
SHA256

955a552821389bb9f1e30e53eaf488f77478d2c28f61531b984e2449dcb55ad6
SHA512

40539960fa6d70c2acba781f8d74a599e6610e7a7741603656920b2e35ab107d5b3ffc9c68f0f2b812c6d24efd2f0060b7a83fc37258d4a88fa6d88d75361249
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEV:/7ZQpApze+eJfFpsJOfFpsJ5DX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	4aa8ccfb780be749d51f76e832bfcf40N.exe

C:\Users\Admin\AppData\Local\Temp\4aa8ccfb780be749d51f76e832bfcf40N.exe
"C:\Users\Admin\AppData\Local\Temp\4aa8ccfb780be749d51f76e832bfcf40N.exe"
1⤵
- Drops file in Program Files directory
PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
66KB

MD5
b93188215fc80e5ba5702318fc5bdd0f

SHA1
03c3a0d9946051479ac58e6545823cad74a56ab2

SHA256
a2d4be8cf14231f7be0db353aeb40479d4c09b0d13ef93ab9e45bbf3d23564f0

SHA512
939f155f80b59c95dbea7e445f0b316258cfe24ac90b6123621d9f9b9fa9f89fb6b3708f5637d8c04faa8e48c32d0a9019ce70516b02daebe1b13126295aac42

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
9c020f182b15dc4bd05166739c30c44a

SHA1
c38732252ecf55373d969ae9c4a7726e978f337e

SHA256
35e15e8cdb9b180d7182d23d8218dac711159ef5bc492c420ba869ada76611c1

SHA512
49ca50e30a9413a9a8a67d3cbd031497b0f2049a478f090315f3f97329d34f14506ab0c80da4896694599a4612f14d2f569dc2d4c679418ba59df2c76afb2c55

Download Submit
memory/2624-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2624-658-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads