9ae28f3c0834b3d0ef0c2258a2b449e01b245c655bf637f2a6da615236f5ad0f

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36f9544b23224b78c201d48c68546bf0N.exe
Size

82KB
MD5

36f9544b23224b78c201d48c68546bf0
SHA1

a427b4f14c1658c2af8186e0fb48efa0d6327a04
SHA256

9ae28f3c0834b3d0ef0c2258a2b449e01b245c655bf637f2a6da615236f5ad0f
SHA512

c12cecd6bd707273a863d047b709160efda600b4d279d9a7affc3e33f2a87b82474496bccfe629af231b196e1231f5a1a1798ca372a792725431edcefd023641
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmh1444k5nd5nh:W7ZDpApYbWjIoPyPoLzV7c6Sh1XJNdNh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3040) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\ShowAdd.mp2v.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	36f9544b23224b78c201d48c68546bf0N.exe

C:\Users\Admin\AppData\Local\Temp\36f9544b23224b78c201d48c68546bf0N.exe
"C:\Users\Admin\AppData\Local\Temp\36f9544b23224b78c201d48c68546bf0N.exe"
1⤵
- Drops file in Program Files directory
PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
82KB

MD5
9a603c4fd7d1775f9ecea4c6da63f1a2

SHA1
653d1340927d91c21b98d29fb2fab8ed13bb1c70

SHA256
21db2f63b21eb06e2bded21efcfe1f16530cb6289c2ade72923f1d875684f3c6

SHA512
e3e0a12962077d810b3d54b3d8ff976d1399c509ba6099683e8423aa54079ea6cfa25fb27f5b430ba02b47b558bcd5e19700d3519c4eb2de3ee0dd6a5d6bf170

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
327cff43675371ae67e2fcaf0526873d

SHA1
93f29f6a246b999ed86f3d4dbf0224a4feac143d

SHA256
79ca153b3bc84f9512790fab6764baedc01ed9b993f11bc1063d5e3fe2156086

SHA512
1a955c3faf33c3702a9a19f051ac3ce43da27055bb0a5c23eefd89da51de94fd66923b2cdbf723ee3a6c9c69e6ddc91815054ade799c21ad1f59edb1a430354f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads