3aec9cf8f76140fe469f12ea920372c627f491418daddd212efa3e797a9b38cd

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 21:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12f12c226b69c646875a8ea6dda71be0N.exe
Size

56KB
MD5

12f12c226b69c646875a8ea6dda71be0
SHA1

c038a4604dc62ee8f1a9096816351fdb8aae8eb8
SHA256

3aec9cf8f76140fe469f12ea920372c627f491418daddd212efa3e797a9b38cd
SHA512

6dddea83dc08526a9ea2b18b15253618f73b73b7413a052f062e563e0b1f0ef6fbf904c9286c327780158c84d641712d32ae52ae489b91e6eb6bd1ed07ae5fbe
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/2:W7ZppApBULcfpHLcfpX2/Nw/NwmxV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3138) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\RevokeDeny.ogg.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	12f12c226b69c646875a8ea6dda71be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	12f12c226b69c646875a8ea6dda71be0N.exe

C:\Users\Admin\AppData\Local\Temp\12f12c226b69c646875a8ea6dda71be0N.exe
"C:\Users\Admin\AppData\Local\Temp\12f12c226b69c646875a8ea6dda71be0N.exe"
1⤵
- Drops file in Program Files directory
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
56KB

MD5
677fd4dc9d1b294b20790fc55805c9c3

SHA1
0a30260a5ed7fa1cec0742d0b745303256c4759f

SHA256
e9f25514b1f3c9ad3f5b5c5d86e5b8c80784fb66db0c666ca5e18ca75ae9a044

SHA512
8622c79afc9b7bef008573af675ecba53f07f279838422e0a61405d90e14d923c42adf5bbaf0a21e0a960cc4696c3b870f95bf66fbaa01404b696df0cb88a0d7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
c1aab49151cfa0dcae5d54bc80632b7f

SHA1
0301c23e96b82f80bfc8cf755b4264de5e843e55

SHA256
435d893b4b48e90c872b3f880833ab29f08e5f428c4b36164f1dae333cbdbf84

SHA512
b88312c9ff224a8a85546fdcae0b87eb684cc4567bfd027f7235a20f10abaf3ea99d886c0e6de8f7195cd8e569e788346fe7353dcb5d9e0b916625cdc0c658ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads