88f2cb22ca2cf0962a40d7e34004c3b81e5863409899bf0c85b82bed68a83389

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d321e4744b615e92a80124c6aedaf20N.exe
Size

38KB
MD5

5d321e4744b615e92a80124c6aedaf20
SHA1

32d09ccb2d9426c3f9c45ea9a4274471372a75f1
SHA256

88f2cb22ca2cf0962a40d7e34004c3b81e5863409899bf0c85b82bed68a83389
SHA512

5930688f729d8ac43a440360805100c276fdc609a8cfed400c4e7f0e8ec3b615ea53e6a7b55fe56fc4e913556c17497f2653b764ed38d43240a766b13a8109df
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN1qmq4Gqmq4MAAAJOQAAAJOwjyjui:W7BlpppARFbhwEnAAJ+AAJbjyjui

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Windows Defender\MpSvc.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	5d321e4744b615e92a80124c6aedaf20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	5d321e4744b615e92a80124c6aedaf20N.exe

C:\Users\Admin\AppData\Local\Temp\5d321e4744b615e92a80124c6aedaf20N.exe
"C:\Users\Admin\AppData\Local\Temp\5d321e4744b615e92a80124c6aedaf20N.exe"
1⤵
- Drops file in Program Files directory
PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
38KB

MD5
9606befe4646e3bdd7e0a35f7d02cf98

SHA1
94d0a9d9e768aadc859bdba0cd133642a6c8ca8f

SHA256
cc36d954dd8f6cbe2a3f7012e9f001832ef79483d47143d406349c42372d906b

SHA512
d0b8e094d75cea10c0f57765c462aa2c394289409f07c38c7b1c1c3ebb809891da87f4c6792396e1f9d3b5d0672842050174dbbaa3f4a9ac8d3ec43630b93166

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
6bd6c5a5fec9403100b407741223c9e2

SHA1
469d131763ffd8c19b20cc15a070ad9401eab5c2

SHA256
51116cdc189c437e99c9e3e99b5107723e12789a2c9f71dd3dae401e4830610e

SHA512
66229a9607868dc47a9909b5586983b4ddfe2fd4fcb118a3019b26b777ef59b3cadf0c1b32b8235747e94c250da390854bf7653374c62ee89549891fbcabedc8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads